CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-8w6w-23mq-h8rg: Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

highCVE-2026-52817
Summary In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoC By choosing a particular argument, you can get (as a nagios user) a root shell: sudo apt-get update -o APT::Update::Pre-Invoke::="/bin/sh" Since the nagious user can use sudo to run apt-get as root, the resulting shell is also running as root. Impact The vulnerability is a local privilege escalation, impacting users who use the provided sudoers file. It requires that an attacker already compromised the nagios account (which is quite a high barrier to be honest). Fix Since only one place where apt-get is currently used (in deb-updates) was found, it should be enough to allow only the specific arguments used there. Here an example how the line in the sudoers file could look like: /usr/lib64/nagios/plugins/strongswan-connections,\ /usr/lib64/nagios/plugins/systemd-unit,\ /usr/bin/apt-get update --quiet 2

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
high
Published
2026-07-02
Last updated
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-8w6w-23mq-h8rg

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-52817coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories