CVE-2026-24893
Received Received - Intake
Command Injection in openITCOCKPIT Hosts Allows Remote Code Execution

Publication date: 2026-04-14

Last updated on: 2026-04-28

Assigner: GitHub, Inc.

Description
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. The vulnerability arises because user-controlled host attributes (specifically the host address) are expanded into monitoring command templates without validation, escaping, or quoting. These templates are later executed by the monitoring engine (Nagios/Icinga) via a shell, resulting in remote code execution. Version 5.5.2 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24893
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
it-novum openitcockpit to 5.5.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in openITCOCKPIT Community Edition versions prior to 5.5.2. It is a command injection flaw that allows an authenticated user with permission to add or modify hosts to execute arbitrary operating system commands on the monitoring backend.

This happens because user-controlled host attributes, specifically the host address, are inserted into monitoring command templates without proper validation, escaping, or quoting. These templates are then executed by the monitoring engine (such as Nagios or Icinga) via a shell, which leads to remote code execution.

The issue was fixed in version 5.5.2 of openITCOCKPIT.

Impact Analysis

This vulnerability can have severe impacts because it allows an authenticated user with certain permissions to execute arbitrary commands on the backend system.

  • An attacker could gain unauthorized control over the monitoring backend.
  • It could lead to full system compromise, including data theft, service disruption, or further network penetration.
  • The vulnerability has a high severity score (CVSS 8.8), indicating high impact on confidentiality, integrity, and availability.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade openITCOCKPIT Community Edition to version 5.5.2 or later, where the issue has been patched.

Additionally, restrict permissions so that only trusted users have the ability to add or modify hosts, as the vulnerability requires authenticated user permissions.

Compliance Impact

The vulnerability in openITCOCKPIT Community Edition prior to version 5.5.2 allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. This can lead to unauthorized access, data manipulation, or disruption of services.

Such unauthorized command execution and potential data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data, ensuring data integrity, and preventing unauthorized access.

Specifically, the high CVSS score (8.8) with high impact on confidentiality, integrity, and availability indicates a significant risk that could lead to violations of these regulations if exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24893. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart