Nagios XI Host Header Injection Vulnerability

Vulnerability

A host header injection vulnerability has been identified in Nagios XI versions prior to 2024R1.2.2. The application does not properly validate the user-supplied HTTP Host header when it builds absolute URLs, so an unauthenticated, remote attacker can send a crafted Host header and manipulate the links or responses the application generates. This could enable credential phishing, hijacking of account recovery links, and web cache poisoning.
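As an added illustration (not Nagios XI's own code), the following Python contrasts an account-recovery link builder that trusts the incoming Host header with a hardened version that validates it against an allowlist and only ever emits a configured canonical host. The host names, path, token and header dictionaries are constructed for the example.

```python
from urllib.parse import urlunsplit

# Constructed deployment configuration: the names this instance is
# legitimately reachable under. Pinning a single canonical host is the
# simplest fix; the allowlist lets the check tolerate an explicit port.
CANONICAL_HOST = "nagios.example.internal"
ALLOWED_HOSTS = {CANONICAL_HOST, CANONICAL_HOST + ":443"}
RESET_PATH = "/reset-password"  # constructed path, not a real Nagios XI route


class UntrustedHostError(ValueError):
    """Raised when the request's Host header is not one we serve."""


def recovery_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the client-controlled Host header is copied
    straight into an absolute URL, so whoever sets the header chooses
    the domain the recovery link (and any cached response) points at."""
    host = headers.get("Host", "")
    return urlunsplit(("https", host, RESET_PATH, f"token={token}", ""))


def recovery_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: reject any Host value outside the allowlist and
    never echo the header back; the link always uses CANONICAL_HOST."""
    host = headers.get("Host", "").strip().lower()
    if host not in ALLOWED_HOSTS:
        raise UntrustedHostError(f"unexpected Host header: {host!r}")
    return urlunsplit(("https", CANONICAL_HOST, RESET_PATH, f"token={token}", ""))


def compare(headers: dict, token: str) -> tuple:
    """Return (vulnerable_link, hardened_link_or_None) for one request."""
    vulnerable = recovery_link_vulnerable(headers, token)
    try:
        hardened = recovery_link_hardened(headers, token)
    except UntrustedHostError:
        hardened = None
    return vulnerable, hardened


if __name__ == "__main__":
    token = "CONSTRUCTED-TOKEN"
    # Constructed requests: one from the real front end, one with a Host
    # header that points at a domain the operator does not control.
    for hdrs in ({"Host": "nagios.example.internal"}, {"Host": "untrusted.example"}):
        print(hdrs["Host"], "->", compare(hdrs, token))
```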

Impact

Exploitation of this vulnerability could allow for host header injection, leading to web cache poisoning and potential phishing attacks.

Remediation

Update to Nagios XI version 2024R1.2.2 or later to address this vulnerability.

Added: Oct 30, 2025, 10:43 PM
Updated: Oct 30, 2025, 10:43 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.