Nagios Log Server Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in Nagios Log Server versions prior to 2026R1.0.1. The issue arises from an unsafe interaction between sudo rules and file system permissions. The web server account is given passwordless sudo access to certain maintenance scripts, and it is also a member of a group that can write to the directory containing those scripts. A local attacker running as the web server user can replace one of the allowed scripts with a malicious program and execute it via sudo, leading to arbitrary code execution with root privileges.
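The condition described above can be audited on a host by comparing passwordless sudo rules against the permissions of each script and its parent directories. The following is an added example, not Nagios code and not part of the original advisory; the user name and paths are constructed placeholders, the `trusted_uids` and `stop` parameters are assumptions of this sketch, and the sudoers parser is simplified.

```python
import os
import re
import stat

# Constructed sample rule; user name and paths are placeholders, not from the advisory.
SAMPLE_SUDOERS = ("www-data ALL=(root) NOPASSWD: /opt/example-app/scripts/maintenance.sh, "
                  "/opt/example-app/scripts/backup.sh\n")

def nopasswd_commands(sudoers_text):
    """(user, command path) pairs from NOPASSWD rules; no aliases, includes or continuations."""
    pairs = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "NOPASSWD:" not in line:
            continue
        user = line.split()[0]
        for cmd in line.split("NOPASSWD:", 1)[1].split(","):
            cmd = re.sub(r"^\s*(?:[A-Z]+:\s*)*", "", cmd)  # drop any further tags
            if cmd.startswith("/"):
                pairs.append((user, cmd.split()[0]))
    return pairs

def untrusted_write_paths(path, trusted_uids=frozenset({0}), stop="/"):
    """Check the script and each parent up to `stop`; a writer there controls what sudo runs."""
    findings = []
    current, stop = os.path.realpath(path), os.path.realpath(stop)
    while True:
        try:
            st = os.stat(current)
        except FileNotFoundError:
            findings.append((current, "missing"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((current, f"owned by uid {st.st_uid}"))
            for bit, label in ((stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable")):
                if st.st_mode & bit:
                    findings.append((current, label))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            return findings
        current = parent

def audit(sudoers_text, **kwargs):
    """Map each NOPASSWD (user, command) rule to the findings for its path."""
    return {r: untrusted_write_paths(r[1], **kwargs) for r in nopasswd_commands(sudoers_text)}

if __name__ == "__main__":
    for rule, findings in audit(SAMPLE_SUDOERS).items():
        print(rule, findings or "ok")
```

A rule with an empty findings list has a root-owned script in a path that only root can modify; any other result means the sudo rule and the file permissions need to be reviewed together.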

Impact

Exploitation of this vulnerability allows for local privilege escalation, with the potential for arbitrary code execution as the root user.

Remediation

Users are advised to upgrade to Nagios Log Server version 2026R1.0.1 or later.

Added: Nov 17, 2025, 6:27 PM
Updated: Nov 17, 2025, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 10.0
exploitability: 3.8
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.