=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN791
_____________________________________________________________________

DATE                : 13/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios XI versions prior
                                to 2026R1.0.1.

=====================================================================
https://www.nagios.com/changelog/nagios-xi/
_____________________________________________________________________

Version 2026R1.0.1

Released November 11, 2025

Security

Fixed a Command Injection vulnerability within the following wizards:
Zabbix Agent, Esensors Websensor, MongoDB Database, MongoDB Server,
MySQL Query, Postgres Database, Postgres Query, and Postgres Server
(Thanks to Vladislav Berghici of Trend Micro Research for reporting
this) [GL:XI#2192,#2193,#2194] - CJD


Added
Added ability to group OIDs by either interface or MIB name in SNMP
Walk Wizard [GL:XI#1985] - JS

Added ability to select multiple datasources in Smart Dashboard Graph
dashlet [GL:XI#2167] - ZWR

Added ability to select Smart Dashboards as the XI home page via Home
Page Modification [GL:XI!1852] - ZR

Added ability to use relative URLs when creating a View [GL:XI#2062] - DN

Added character limits to dashboard and dashlet titles for Smart
Dashboards [GL:XI#2133] - ZR

Added update users endpoint to the v1 API [GL:XI!1862] - AC

Added Y axis labeling so the Graph in Smart Dashboards knows when to
use the data labels better and adds custom labels [GL:XI#2166] - ZWR


Fixed
Fixed a plugin issue causing incorrect latency and execution time
values to be returned [GL:XI2025] - DN

Fixed a broken Edit Settings link for the Custom Variable Tab in
the Manage Components page [GL:XI#2185] - DN

Fixed an issue where legacy striped tables do not have colors set
in light themes [GL:XI#2102] - JC

Fixed an issue causing status cells on the Neptune home page to
not filter the Host/Service Status page based on selected status
type [GL:XI!1846] - ZR

Fixed an issue causing a flicker when adding dashlets [GL:XI#2145]
- ZWR

Fixed an issue causing 2014 and Classic themes to be unable to
access pages written in React [GL:XI#2178] - ZR

Fixed an issue where the Smart Dashboard Treemap dashlet could load
inaccurate data [GL:XI#2165] - JC

Fixed an issue where the path was wrong for the Mod Gearman popup
[GL:XI#2168] - ZWR

Fixed an issue causing gauges on Legacy Dashboards to not render
with PHP version 8.4 [GL:XI#2176] - ZR

Fixed an issue where the Smart Dashboard Graph dashlet's tooltip
doesn't have a needed space [GL:XI#2177] - ZWR

Fixed an issue that was causing some bar graphs to render as line
graphs [GL:XI#1974] - DN

Fixed an issue where the banners did not show in fullscreen
[GL:XI#2110] - ZWR

Fixed an issue where new views couldn't be added in non-Neptune
themes on the views page and in the top-right menu due to a race
condition [GL:XI#2159] - BB

Fixed an issue where users couldn't log in due to duplicate IDs on
the login page - BB

Fixed an issue causing installs to fail in some IPv4-only environments
[GL:XI#2020] - DN

Fixed an issue causing improper text overflow for long dashboard and
dashlet titles [GL:XI!1901] - JC, ZR

Fixed an issue where tooltips weren't wrapping properly - BB

Fixed an issue where rrd export could target a nonexistent field,
breaking performance graphs [GL:XI#2181] - JC

Fixed an issue where tray alert would show empty content
[GL:XL#2155] - JC

Fixed an issue where the Nagios plugins for Nagios Mod-Gearman did
not build - CB

Fixed several routing issues [GL:XI#2103,#2115,#2136] - BB


Updated
Updated value field of xi_options in database to accommodate more
text [GL:XI#2137] - JC

Updated tray alert to show for non-admin users [GL:XL#2155] - JC

Modified critical status color and link colors to be more readable
in non-Neptune themes [GL:XI#2162] - JC

Removed 5.x.x conditionals from installation/upgrade process - KF

Improved installation/upgrade logging - KF

Updated system profile script - CD


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




