EIP-2026-109823

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109823. PoCs published by Security-Assessment.com.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Nagios XI <= 5.2.7, including unauthenticated SQL injection, authentication bypass, command injection, and privilege escalation to root via sudo misconfiguration. The PoC includes detailed payloads and steps to chain these vulnerabilities for full remote code execution.

Description

Nagios XI 5.2.7 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Security-Assessment.com · textwebappsphp

https://www.exploit-db.com/exploits/39899

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Nagios XI <= 5.2.7, including unauthenticated SQL injection, authentication bypass, command injection, and privilege escalation to root via sudo misconfiguration. The PoC includes detailed payloads and steps to chain these vulnerabilities for full remote code execution.

Classification

Working Poc 95%

Attack Type

Rce | Lpe | Sqli | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI <= 5.2.7

No auth needed

Prerequisites: Network access to the Nagios XI web interface · No prior authentication required

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1505 - Server Software Component T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nagios XI 5.2.7 - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details