EIP-2026-109819

PRE-CVE

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109819. PoCs published by Security-Assessment.com.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Nagios Incident Manager <= 2.0.0, including command injection, SQL injection, and stored XSS. The command injection allows remote code execution as the 'apache' user via crafted GET requests, while SQL injection and XSS are also detailed with specific payloads.

Description

Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Security-Assessment.com · textwebappsphp

https://www.exploit-db.com/exploits/40252

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Nagios Incident Manager <= 2.0.0, including command injection, SQL injection, and stored XSS. The command injection allows remote code execution as the 'apache' user via crafted GET requests, while SQL injection and XSS are also detailed with specific payloads.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Nagios Incident Manager <= 2.0.0

Auth required

Prerequisites: Authenticated user access · Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026