Nagios Network Analyzer — known CVE vulnerabilities
Every CVE whose affected-product data names Nagios Network Analyzer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-28925 — CVSS 9.8 (critical): SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
CVE-2025-28059 — CVSS 7.5 (high): An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to…
CVE-2025-34280 — CVSS 7.2 (high): Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the…
CVE-2021-28924 — CVSS 6.1 (medium): Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
CVE-2023-7319 — CVSS 5.4 (medium): Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu…
CVE-2025-34278 — CVSS 5.4 (medium): Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page…
CVE-2025-28131 — CVSS 4.6 (medium): A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform…