CVE-2024-13986

high-risk

Published 2025-08-28

Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (14)

Nagios Xi

Affected Vendors

Nagios

References (5)

Exploit https://theyhack.me/Nagios-XI-Authenticated-RCE

https://www.nagios.com/changelog/nagios-xi/

https://www.nagios.com/products/security/#nagios-xi

https://www.vulncheck.com/advisories/nagios-xi-authenticated-arbitrary-file-uplo...

Exploit https://theyhack.me/Nagios-XI-Authenticated-RCE/

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 18/34 · Moderate