Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-40345. PoCs published by ArianeBlow.
AI-analyzed exploit summary: This PoC demonstrates an authenticated RFI to RCE exploit in Nagios XI by modifying a dashlet's .inc.php file to include a reverse shell, then uploading it back to the system.
Description
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
Exploits (1)
nomisec
WORKING POC
by ArianeBlow · poc
https://github.com/ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345
Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Nagios XI (all versions)
Auth required
Prerequisites: Authenticated access to Nagios XI admin interface · Ability to download and upload dashlets
devstral-2 · analyzed Feb 16, 2026
References (4)
Core References
Release Notes, Vendor Advisory: https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Exploit, Third Party Advisory: https://github.com/ArianeBlow/NagiosXI-EmersonFI/blob/main/README.md
Not Applicable: https://synacktiv.com
Exploit, Third Party Advisory: https://www.synacktiv.com/sites/default/files/2021-10/Nagios_XI_multiple_vulnerabilities_0.pdf
Scores
CVSS v3: 7.2
EPSS: 0.2304
EPSS Percentile: 97.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-77
Status: published
Products (1): nagios/nagios_xi 5.8.5
Published: Oct 26, 2021
Tracked Since: Feb 18, 2026