PatchSiren cyber security CVE debrief

CVE-2016-10089 Nagios CVE debrief

CVE-2016-10089 describes a local privilege-escalation weakness in Nagios where a local user can gain root privileges by abusing a hard link attack against the Nagios init script file. NVD rates the issue High (CVSS 7.8) and classifies it as requiring local access with low privileges, but no user interaction. The vulnerability was publicly disclosed in the CVE record on 2017-02-15, with advisory references in late 2016.

Vendor: Nagios
Product: CVE-2016-10089
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

System administrators, security teams, and operators running Nagios on multi-user Linux/Unix systems should care most, especially where local shell access is available to non-root users. Shared hosts and environments with delegated admin or service accounts deserve extra attention because the attack requires local access and targets root-level file handling.

Technical summary

The source corpus says Nagios 4.3.2 and earlier is affected, and the NVD record maps vulnerable Nagios CPE versions through 4.2.4. The flaw is a local hard-link attack against the Nagios init script file that can be used to obtain root privileges. NVD’s CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and the listed weakness is CWE-264.

Defensive priority

High for any affected Nagios installation on a system where untrusted local users can obtain shell access. Treat as an urgent hardening and patching item on shared or multi-user systems, because successful abuse can result in root compromise.

Recommended defensive actions

Update Nagios to a version that contains the vendor fix for the hard-link privilege-escalation issue.
Review Nagios init script ownership and permissions to ensure only trusted administrative paths can modify or replace it.
Limit local logins and shell access on systems running Nagios, especially where multiple users share the host.
Inspect the environment for unexpected hard links or unauthorized changes involving Nagios init scripts and related startup files.
Use the official CVE/NVD and referenced advisories to confirm the exact affected version range for your deployment before scheduling remediation.

Evidence notes

Supported by the NVD CVE record and the CVE description provided in the source corpus. The description states that Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. The NVD metadata lists CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, CWE-264, and a vulnerable CPE range ending at 4.2.4. Because the supplied corpus contains a version-scope mismatch between the textual description and the CPE criteria, validate the precise fixed version against vendor guidance before applying a patch plan.

Official resources

CVE-2016-10089 CVE record
CVE.org
CVE-2016-10089 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mailing List, Third Party Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry

Publicly disclosed in the CVE record on 2017-02-15. The advisory references in the supplied corpus date to 2016-12-30. The NVD entry was later modified on 2026-05-13, but that is a record-update date, not the vulnerability’s discovery or CV