PT-2026-5317 · Unknown+1 · Icinga For Windows+1

Julianbrost · Published 2026-01-29 · Updated 2026-02-19 · CVE-2026-24413

CVSS v4.0: 6.8 Medium

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Icinga 2 versions 2.3.0 through 2.13.14
Icinga 2 versions 2.3.0 through 2.14.8
Icinga 2 versions 2.3.0 through 2.15.2

Description

Icinga 2 is an open source monitoring system. The MSI installer did not configure appropriate permissions for the %ProgramData%\icinga2\var folder on Windows systems. This allowed all local users to read the folder's contents, including the private key of the user and synced configuration. All installations on Windows are affected.

Recommendations

Icinga 2 versions prior to 2.13.14 should be upgraded.
Icinga 2 versions prior to 2.14.8 should be upgraded.
Icinga 2 versions prior to 2.15.2 should be upgraded.
Upgrade Icinga for Windows to at least version v1.13.4.
Upgrade Icinga for Windows to at least version v1.12.4.
Upgrade Icinga for Windows to at least version v1.11.2.
Manually update the ACL for the folder C:\ProgramData\icinga2\var (and C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access.
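
The manual ACL step above, as an added PowerShell example (not code from Icinga or from this advisory): it reports allow entries held by any principal other than administrators, SYSTEM and the service account on both folders, and with -Fix rewrites the ACLs first. The service account name NT AUTHORITY\NETWORK SERVICE, the decision to keep SYSTEM, and the parameter and function names are assumptions.

```powershell
# Added example (not Icinga's own script). Run from an elevated prompt.
# Assumptions: service account is NT AUTHORITY\NETWORK SERVICE; SYSTEM keeps access.
param(
    [string[]]$Path = @(
        'C:\ProgramData\icinga2\var',
        'C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate'
    ),
    [string]$ServiceUser = 'NT AUTHORITY\NETWORK SERVICE',
    [switch]$Fix   # without -Fix the script only reports
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Compare by SID so the check does not depend on the display language
$allowed = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    ([System.Security.Principal.NTAccount]$ServiceUser).Translate($sidType).Value
)

function Get-UnexpectedAce {
    param([string]$Item)
    (Get-Acl -LiteralPath $Item).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object {
            [pscustomobject]@{ Item = $Item; Sid = $_.IdentityReference.Value
                               Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
        }
}

foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    if ($Fix) {
        # Root: stop inheriting from the parent, grant only the allowed SIDs
        $acl = New-Object System.Security.AccessControl.DirectorySecurity
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($sid in $allowed) {
            $id = New-Object System.Security.Principal.SecurityIdentifier $sid
            $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
        }
        Set-Acl -LiteralPath $root -AclObject $acl
        # Children: drop explicit entries so they inherit the root ACL
        icacls "$root\*" /reset /T /C /Q | Out-Null
    }
    # Report every allow entry that is still granted to another principal
    @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force | ForEach-Object FullName) |
        ForEach-Object { Get-UnexpectedAce -Item $_ }
}
```

An empty result means no other principal holds an allow entry on either tree; a row with Inherited set to True points at a grant coming from the parent folder rather than from the item itself.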

Exploit

Fix

LPE

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2026-24413
GHSA-88H5-RRM6-5973
GHSA-VFJG-6FPV-4MMR
OPENSUSE-SU-2026:10113-1

Affected Products

Icinga 2
Icinga For Windows