Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-36867
CVE-2020-36867:
Nagios XI vulnerability analysis and mitigation
Overview
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. The vulnerability is tracked as CVE-2020-36867 and was discovered by Christian Weiler. The issue was disclosed on October 30, 2025 and has a CVSS score of 8.7, indicating high severity (VulnCheck).
Technical details
The vulnerability exists in the report PDF download/export functionality where user-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped. This allows for improper neutralization of special elements used in OS commands (CWE-78) (VulnCheck).
Impact
The vulnerability allows an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments, potentially leading to command injection on the underlying system (VulnCheck).
Mitigation and workarounds
Users should upgrade to Nagios XI version 5.7.3 or later which contains fixes for this vulnerability (Nagios Changelog).
Additional resources
Source: This report was generated using AI
Related Nagios XI vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management