Icinga

This hub aggregates every CVE we track for Icinga, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Icinga.

• CVE-2026-24413Icinga has insecure permission of %ProgramData%\icinga2\var on Windows5.5Jan 29, 2026
• CVE-2025-61909Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user4.4Oct 16, 2025
• CVE-2025-61908Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference6.5Oct 16, 2025
• CVE-2025-61907Icinga 2 API users could access restricted values in filter expressions6.5Oct 16, 2025
• CVE-2025-48057Icinga 2 certificate renewal might incorrectly renew an invalid certificate9.8May 27, 2025
• CVE-2024-49369Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections9.8Nov 12, 2024
• CVE-2024-24820Icinga Director configuration is susceptible to Cross-Site Request Forgery8.3Feb 9, 2024
• CVE-2021-37698Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer7.5Aug 19, 2021
• CVE-2021-32743Passwords used to access external services inadvertently exposed through API8.8Jul 15, 2021
• CVE-2021-32739Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities8.8Jul 15, 2021
• CVE-2021-32747Custom variable protection and blacklists can be circumvented5.3Jul 12, 2021
• CVE-2021-32746Possible path traversal by use of the `doc` module5.3Jul 12, 2021
• CVE-2020-29663Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.1...9.1Dec 15, 2020
• CVE-2020-14004An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an...7.8Jun 12, 2020
• CVE-2018-6535An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.8.1Feb 27, 2018