EUVD-2023-26637

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Netdata allows command execution via unvalidated alert data, fixed in v1.37 and v1.36.0-409.

Reporter	Title	Published	Views	Family All 21
AlpineLinux	CVE-2023-22496	14 Jan 202300:59	–	alpinelinux
CNNVD	Netdata 命令注入漏洞	14 Jan 202300:00	–	cnnvd
CNVD	Netdata Command Injection Vulnerability	17 Jan 202300:00	–	cnvd
CVE	CVE-2023-22496	14 Jan 202300:59	–	cve
Cvelist	CVE-2023-22496 Netdata vulnerable to command injection	14 Jan 202300:59	–	cvelist
Debian CVE	CVE-2023-22496	14 Jan 202300:59	–	debiancve
NVD	CVE-2023-22496	14 Jan 202301:15	–	nvd
OSV	CVE-2023-22496 Netdata vulnerable to command injection	14 Jan 202300:59	–	osv
OSV	DEBIAN-CVE-2023-22496	14 Jan 202301:15	–	osv
OSV	OESA-2024-1050 netdata security update	12 Jan 202411:06	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "8c4db341-3194-362d-a664-e463f34366bf",
        "vendor": {
          "name": "netdata"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4df70f34-650d-3749-8363-b1680b2bd899",
        "product": {
          "name": "netdata"
        },
        "product_version": "< 1.36.0-409"
      },
      {
        "id": "d5ae261a-28f7-3c8b-9760-fa3e2f112fc2",
        "product": {
          "name": "netdata"
        },
        "product_version": "< 1.37"
      }
    ]
  }
]

Source	Link
suse	www.suse.com/security/cve/CVE-2023-22496.html
github	www.github.com/netdata/netdata/security/advisories/GHSA-xg38-3vmw-2978

03 Oct 2025 20:07Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.1 - 9.8

EPSS0.01884

SSVC