Vulnerability in Icinga Icinga2

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This res…

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

Affected products

Icinga Icinga2 — versions >= 2.3.0, < 2.13.14, >= 2.14.0, < 2.14.8, >= 2.15.0, < 2.15.2

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr (x_refsource_CONFIRM)
https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973 (x_refsource_MISC)
https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2 (x_refsource_MISC)