{“lastseen”:””,”description”:”Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental ‘Natural Language Queries’ feature. Configuration values for this feature are read from the application settings and incorporated into a system command without adequate validation or restriction of special characters. An authenticated user with access to global configuration can abuse these settings to execute arbitrary operating system commands with the privileges of the web server account, leading to compromise of the Log Server host.”,”published”:”2025-11-17T17:48:04.503Z”,”modified”:”2025-11-17T21:36:26.201Z”,”type”:”cve”,”title”:”Nagios Log Server \\u003c 2026R1.0.1 Authenticated Command Injection via Natural Language Queries”,”source”:”VulnCheck”,”references”:”https:\/\/www.nagios.com\/products\/security\/#log-server\\nhttps:\/\/www.nagios.com\/changelog\/nagios-log-server\/nagios-log-server-2026r1-0-1\/\\nhttps:\/\/www.vulncheck.com\/advisories\/nagios-log-server-authenticated-command-injection-via-natural-language-queries”,”id”:”CVE-2025-34322″,”bulletinFamily”:””,”cwe”:[“CWE-78″],”cvelist”:null,”sourceData”:”Nagios Log Server 0″,”sourceHref”:””,”cvss”:{“score”:8.6,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Log Server”,”version”:”0″,”vendor”:”Nagios”,”ai_description”:”Authenticated command injection vulnerability via the experimental ‘Natural Language Queries’ feature”,”ai_severity”:”High”,”ai_vendor”:”Nagios”,”ai_product”:”Nagios Log Server”,”ai_version”:”\\u003c 2026R1.0.1″,”ai_score”:8.6}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental ‘Natural Language Queries’ feature. Configuration values for this feature…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,81,12,15,13,7,11,5],"class_list":["post-26490","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-86","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n