CVE-2026-24893
Command Injection in openITCOCKPIT Hosts Allows Remote Code Execution
Publication date: 2026-04-14
Last updated on: 2026-04-28
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| it-novum | openitcockpit | all versions before 5.5.2 (5.5.2 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects openITCOCKPIT Community Edition versions prior to 5.5.2. It is an OS command injection flaw (CWE-78): an authenticated user who holds the permission to add or modify hosts can execute arbitrary operating system commands on the monitoring backend.
The root cause is missing input validation (CWE-20). User-controlled host attributes, specifically the host address, are written into the monitoring check command templates without validation, escaping, or quoting. The monitoring engine (such as Nagios or Icinga) later expands those templates and hands the resulting command line to a shell, so shell metacharacters placed in the address field become additional commands. The injected commands run with the privileges of the account under which the monitoring engine executes its checks.
The issue was fixed in openITCOCKPIT version 5.5.2.
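The following is an added illustration of the CWE-78 pattern described above; it is example code written for this page, not openITCOCKPIT's own code. It assumes a Nagios-style check command template in which `$HOSTADDRESS$` is expanded from the stored host object and the result is passed to `/bin/sh`; the real `check_ping` call is replaced by `printf` so the example runs without any monitoring plugins installed, and the host objects are constructed sample data. The vulnerable expansion is shown next to a hardened one that first rejects any address that is not an IP literal or a syntactically valid hostname and then shell-quotes every macro value.

```python
"""Vulnerable versus hardened expansion of a monitoring check command.

Constructed example, not openITCOCKPIT code. The monitoring core expands host
macros into the command string and runs it through /bin/sh; if the web UI
stores whatever the user typed as the host address, the shell sees the
attacker's metacharacters.
"""
import ipaddress
import re
import subprocess
import shlex

# Assumed Nagios-style template. printf stands in for check_ping so the
# command runs offline; the "%s\n" is single-quoted for the shell.
CHECK_COMMAND_TEMPLATE = "printf 'check_ping -H %s\\n' $HOSTADDRESS$"

# Constructed host objects, as a web UI might persist them.
HOSTS = {
    "benign": {"HOSTNAME": "web01", "HOSTADDRESS": "10.0.0.5"},
    "malicious": {"HOSTNAME": "web02", "HOSTADDRESS": "10.0.0.5; echo INJECTED"},
}

# RFC 1123-style hostname: dot-separated labels of letters, digits and
# inner hyphens, at most 253 characters in total.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def expand_unsafe(template: str, macros: dict) -> str:
    """Vulnerable pattern: macro values are spliced into the command verbatim."""
    cmd = template
    for name, value in macros.items():
        cmd = cmd.replace(f"${name}$", value)
    return cmd


def is_valid_host_address(value: str) -> bool:
    """Allow-list check: an IPv4/IPv6 literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME_RE.match(value) is not None


def expand_safe(template: str, macros: dict) -> str:
    """Hardened pattern: reject addresses outside the allow-list grammar, then
    shell-quote every macro value so a later validation gap still cannot
    break out of the argument position."""
    address = macros.get("HOSTADDRESS", "")
    if not is_valid_host_address(address):
        raise ValueError(f"host address rejected: {address!r}")
    cmd = template
    for name, value in macros.items():
        cmd = cmd.replace(f"${name}$", shlex.quote(value))
    return cmd


def rejects(template: str, macros: dict) -> bool:
    """True if the hardened expansion refuses this host object."""
    try:
        expand_safe(template, macros)
    except ValueError:
        return True
    return False


def run_via_shell(cmd: str) -> str:
    """Execute the expanded command the way a monitoring core does: via /bin/sh."""
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    for label, host in HOSTS.items():
        unsafe = expand_unsafe(CHECK_COMMAND_TEMPLATE, host)
        print(f"[{label}] unsafe command: {unsafe}")
        print(f"[{label}] shell output  : {run_via_shell(unsafe)!r}")
        if rejects(CHECK_COMMAND_TEMPLATE, host):
            print(f"[{label}] hardened: rejected at validation")
        else:
            print(f"[{label}] hardened: {expand_safe(CHECK_COMMAND_TEMPLATE, host)}")
```

For the malicious host the unsafe expansion yields `printf 'check_ping -H %s\n' 10.0.0.5; echo INJECTED`, and the shell prints a second line `INJECTED`, which is the injected command executing. The hardened expansion refuses that host at validation time; validation is the primary control because a host address has a small, well-defined grammar, and quoting is kept as defense in depth.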
How can this vulnerability impact me?
This vulnerability can have severe impact because it allows an authenticated user holding the add/modify-hosts permission to execute arbitrary commands on the backend system.
- An attacker could gain unauthorized control over the monitoring backend.
- It could lead to full system compromise, including data theft, service disruption, or further network penetration.
- The vulnerability has a high severity score (CVSS 8.8), indicating high impact on confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade openITCOCKPIT Community Edition to version 5.5.2 or later, where the issue is patched.
Until the upgrade is done, limit the right to add or modify hosts to trusted administrators, since exploitation requires an authenticated account with that permission, and review existing host definitions for addresses that contain shell metacharacters (`;`, `|`, `&`, `$(`, backticks) instead of a plain IP address or hostname.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in openITCOCKPIT Community Edition prior to version 5.5.2 allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. This can lead to unauthorized access, data manipulation, or disruption of services.
Such unauthorized command execution and potential data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data, ensuring data integrity, and preventing unauthorized access.
Specifically, the high CVSS score (8.8) with high impact on confidentiality, integrity, and availability indicates a significant risk that could lead to violations of these regulations if exploited.