PT-2026-32910 · Unknown · Openitcockpit Community Edition

H00Die-Gr3Y · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-24893

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
openITCOCKPIT Community Edition versions prior to 5.5.2

Description
An authenticated user with permissions to add or modify hosts can execute arbitrary OS commands on the monitoring backend. This occurs because user-controlled host attributes, specifically the host address, are expanded into monitoring command templates without proper validation, escaping, or quoting. These templates are subsequently executed by the monitoring engine (Nagios/Icinga) via a shell, leading to remote code execution.

Recommendations
Update to version 5.5.2.
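
The flaw class in the description, as an added example (not openITCOCKPIT's code and not the 5.5.2 fix): raw macro substitution into a shell string, next to a validated expansion that never reaches a shell. The template, the plugin path and the sample addresses are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed template; the plugin path is hypothetical.
# $HOSTADDRESS$ is the Nagios macro for the host address.
TEMPLATE = "/opt/example/check_reachable -H $HOSTADDRESS$"
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one RFC 1123 label


def is_valid_host_address(value):
    """Accept only an IP literal or an RFC 1123 hostname."""
    # ipaddress does not restrict the text of an IPv6 zone id, so '%' is refused.
    if "%" not in value:
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            pass
    if not value or len(value) > 253:
        return False
    # Labels may not start with '-', which also blocks option-style values.
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))


def expand_unsafe(template, address):
    """Flawed pattern from the description: raw substitution into a shell string."""
    return template.replace("$HOSTADDRESS$", address)


def shell_operators(command_line):
    """Tokens made only of ();<>|& found by shlex's shell-like lexer.

    Illustration of what the expanded string contains, not an input filter.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def expand_hardened(template, address):
    """Validate first, then build an argv list to be run without a shell."""
    if not is_valid_host_address(address):
        raise ValueError(f"rejected host address: {address!r}")
    return [address if tok == "$HOSTADDRESS$" else tok
            for tok in shlex.split(template)]
```

The list returned by `expand_hardened` is meant for an exec-style call such as `subprocess.run(argv)` with no `shell=True`, so the address is always a single argument.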

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-24893

Affected Products: Openitcockpit Community Edition