EUVD-2026-22703

| CVE-2026-24893 HIGH
2026-04-14 GitHub_M
Command Injection RCE
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 17, 2026 - 15:52 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:57 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
patch_available
Apr 16, 2026 - 05:29 EUVD
5.5.2
Analysis Generated
Apr 14, 2026 - 22:39 vuln.today

DescriptionNVD

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. The vulnerability arises because user-controlled host attributes (specifically the host address) are expanded into monitoring command templates without validation, escaping, or quoting. These templates are later executed by the monitoring engine (Nagios/Icinga) via a shell, resulting in remote code execution. Version 5.5.2 patches the issue.

AnalysisAI

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all openITCOCKPIT Community Edition deployments and identify instances running versions prior to 5.5.2. Within 7 days: Apply vendor-released patch to upgrade all affected instances to version 5.5.2 or later, testing in non-production environments first. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22703 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy