D3Lt4

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2026R1 **Description** Nagios XI versions prior to 2026R1 contain a remote code execution issue in the Core Config Manager (CCM) Run Check command. Insufficient validation and escaping of parameters used to construct backend command lines allows an authenticated administrator to inject shell metacharacters that are executed on the server. Successful exploitation results in arbitrary command execution with the privileges of the Nagios XI web application user, potentially leading to control of the underlying host operating system. **Recommendations** Nagios XI versions prior to 2026R1 should be updated to version 2026R1 or later.