Loading
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated links or responses, which may facilitate phishing of credentials, account recovery link hijacking, and web cache poisoning.
Use CWE-346, Nagios vendor hub and Nagios Xi product page to widen CVE-2024-14006 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-13997, CVE-2025-34286 and CVE-2026-2043 for nearby disclosures in the same product family.