Icinga Security Vulnerabilities (CVEs)
Track 13 security vulnerabilities affecting Icinga products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
The Icinga 2 MSI installer on Windows sets overly permissive folder permissions, allowing all local users to read sensitive files including private ke...
Jan 29, 2026This vulnerability allows the Icinga daemon user to send signals to arbitrary processes by exploiting a race condition in the safe-reload script and l...
Oct 16, 2025This vulnerability allows authenticated API users in Icinga 2 to bypass permission restrictions and access sensitive information they shouldn't have a...
Oct 16, 2025This vulnerability in Icinga 2 allows any authenticated API user to crash the monitoring daemon by creating invalid references (like null references) ...
Oct 16, 2025This vulnerability in Icinga DB Web allows authorized users to bypass variable protection mechanisms and guess values of protected or hidden custom va...
Oct 16, 2025A certificate validation vulnerability in Icinga 2 allows attackers to obtain valid certificates by tricking the system into treating malicious certif...
May 27, 2025CVE-2025-27609 is a cross-site scripting (XSS) vulnerability in Icinga Web 2 that allows attackers to inject arbitrary JavaScript into the web interfa...
Mar 26, 2025This is a cross-site scripting (XSS) vulnerability in Icinga Web 2 that allows attackers to craft malicious URLs. When any user visits such a URL, arb...
Mar 26, 2025CVE-2024-49369 is a critical TLS certificate validation flaw in Icinga 2 that allows attackers to impersonate trusted cluster nodes and API users usin...
Nov 12, 2024CVE-2024-24820 is a Cross-Site Request Forgery (CSRF) vulnerability in Icinga Director that allows attackers to perform unauthorized configuration cha...
Feb 9, 2024This vulnerability allows authenticated users with configuration access in Icinga Web 2 to create SSH resource files in unintended directories, leadin...
Mar 8, 2022Icinga 2 monitoring system exposes sensitive credentials (database, Redis, Elasticsearch passwords) through its API to authenticated users with read p...
Jul 15, 2021This vulnerability in Icinga 2 allows revoked certificates to be automatically renewed despite being on a Certificate Revocation List (CRL), bypassing...
Dec 15, 2020Why Monitor Icinga Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Icinga products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Icinga packages in under 60 seconds. No agents required - completely agentless scanning that works across Icinga deployments.
Free vulnerability database: Access detailed information about every Icinga CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Icinga CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
