CVE-2019-9202

HIGH

Nagios IM <2.2.7 - Authenticated RCE

Title source: llm

Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.

nomisec WORKING POC 4 stars

by polict · poc

Core 2

Core References

Vendor Advisory x_refsource_confirm

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

CVSS v3 8.8

EPSS 0.4252

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status published

Products (1)

nagios/incident_manager < 2.2.7

Published Mar 28, 2019

Tracked Since Feb 18, 2026