302 CVEs

4 in CISA KEV

nagios Vulnerabilities

CVE security advisories and vulnerability history for nagios.

302

Total CVEs

Published

4

In CISA KEV

Exploited in the wild

65

Public exploits

With known exploit

7.0

Avg CVSS

2005–2026

Overview

nagios has 302 published CVE records since 2005, of which 4 are in CISA's Known Exploited Vulnerabilities catalog and 65 have a known public exploit. The average CVSS base score across scored CVEs is 7.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting nagios products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of nagios's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical21

High48

Medium69

Low1

163 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

4

4 of nagios's CVEs are confirmed exploited in the wild.

Public exploits

65

65 of nagios's CVEs have a known public exploit available.

Most affected products

The nagios products with the most published CVEs.

nagios xi194 CVEs
XI78 CVEs
nagios37 CVEs
Log Server23 CVEs
fusion19 CVEs
nagioscore13 CVEs
network analyzer7 CVEs
nagios core5 CVEs

Common weakness types

The CWE weakness categories most often found in nagios CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish nagios CVE records.

Disclosure activity by year

How many nagios CVEs were published each year.

2019

15

2020

24

2021

51

2022

11

2023

7

2024

8

2025

120

2026

3

Latest nagios CVEs

The most recently disclosed vulnerabilities affecting nagios.

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
CWE-78
High · CVSS 7.2
EPSS 2.1%2026-02-20
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
CWE-78
High · CVSS 7.2
EPSS 1.8%2026-02-20
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
CWE-78
High · CVSS 7.2
EPSS 2.1%2026-02-20
High vulnerability · 2025-12-29
CWE-89
High · CVSS 8.8
EPSS 0.5%2025-12-29
High vulnerability · 2025-12-29
CWE-22
High · CVSS 7.5
EPSS 2.7%2025-12-29
Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo
CWE-732
High · CVSS 8.6
EPSS 0.1%2025-12-16
Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules
CWE-732
High · CVSS 8.5
EPSS 0.0%2025-11-17
Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries
CWE-78
High · CVSS 8.6
EPSS 0.4%2025-11-17
Nagios XI < 5.8.7 XSS in Core UI Views URL handling
CWE-79
Medium · CVSS 5.1
EPSS 0.5%2025-11-03
Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host
CWE-269
Critical · CVSS 9.4
EPSS 0.2%2025-11-03
Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure
CWE-497
Medium · CVSS 6.0
EPSS 1.6%2025-11-03
Nagios XI < 2024R1.1 XSS via Missing Page / 404
CWE-79
Medium · CVSS 5.1
EPSS 0.7%2025-10-31

Track new nagios CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor nagios CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

paloaltonetworks311 CVEs Palo Alto Networks311 CVEs Hewlett Packard Enterprise311 CVEs opera311 CVEs Schneider Electric300 CVEs python300 CVEs deltaww296 CVEs openstack294 CVEs

Browse all vendors

Frequently asked questions

Common questions about nagios vulnerabilities.

How many CVEs does nagios have?

nagios has 302 published CVE records since 2005, including 123 in the last two years.

How many nagios CVEs are in CISA KEV?

Yes — 4 of nagios's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which nagios products have the most CVEs?

The nagios products with the most published CVEs are nagios xi, XI, nagios, Log Server, fusion.

What are the most common weakness types in nagios CVEs?

nagios's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-269 (Improper Privilege Management).

Are there public exploits for nagios vulnerabilities?

Yes — 65 of nagios's CVEs have a known public exploit.

How many critical nagios vulnerabilities are there?

nagios has 21 critical and 48 high-severity CVEs.

What is the average severity of nagios CVEs?

The average CVSS base score across nagios's scored CVEs is 7.0.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track nagios vulnerabilities

Monitor new nagios vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing