Skip to main content

Icinga

26 CVEs product

Monthly

CVE-2026-24413 MEDIUM PATCH This Month

Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.

Windows Icinga Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48057 CRITICAL PATCH This Week

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Icinga Suse
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-49369 CRITICAL PATCH Act Now

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-24820 HIGH POC This Week

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Icinga
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2021-37698 HIGH This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32743 HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis Elastic Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-32739 HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icinga Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-32747 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-32746 MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Icinga
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-29663 CRITICAL PATCH Act Now

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14004 HIGH POC PATCH This Week

An issue was discovered in Icinga2 before v2.12.0-rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Icinga Backports Sle Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-6535 HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-6534 MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Icinga
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6533 HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Icinga
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6532 HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Icinga
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6536 MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-16933 HIGH POC This Week

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-16882 HIGH This Week

Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-8010 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icinga Leap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2014-2386 MEDIUM This Month

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icinga Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1878 MEDIUM PATCH This Month

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Icinga Nagios
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2013-7108 MEDIUM POC THREAT This Month

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.6%.

Denial Of Service Nagios Icinga
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
48.6%
Threat
4.1
CVE-2013-7107 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Icinga
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-7106 MEDIUM This Month

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Icinga
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2012-6096 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.9%.

Buffer Overflow RCE Nagios Icinga
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.9%
Threat
5.4
CVE-2012-3441 HIGH This Week

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Icinga
NVD
CVSS 2.0
7.5
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Icinga 2 on Windows versions 2.3.0 through 2.15.1 fail to properly restrict file permissions on the `%ProgramData%\icinga2\var` directory, allowing any local user to read sensitive data including private keys and synchronized configurations. All Windows installations are affected, and attackers with local access can extract cryptographic material and configuration details for lateral movement or further compromise. Patches are available in versions 2.13.14, 2.14.8, and 2.15.2, with workarounds available through updated Icinga for Windows packages or manual ACL remediation.

Windows Icinga Suse
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH This Week

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Icinga +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga Debian Linux
NVD GitHub
EPSS 0% CVSS 8.3
HIGH POC This Week

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Icinga
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icinga Debian Linux
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis Elastic Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icinga Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Icinga
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in Icinga2 before v2.12.0-rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Icinga Backports Sle +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Icinga
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Icinga
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Icinga 2.x through 2.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Icinga
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC This Week

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Icinga
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icinga Leap
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icinga +1
NVD VulDB
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Icinga +1
NVD
EPSS 49% 4.1 CVSS 5.5
MEDIUM POC THREAT This Month

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.6%.

Denial Of Service Nagios Icinga
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Icinga
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 80% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.9%.

Buffer Overflow RCE Nagios +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Icinga
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy