Skip to main content

Icinga Web 2

13 CVEs product

Monthly

CVE-2025-30164 MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Icinga Web 2 Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-27609 LOW Monitor

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated low severity (CVSS 1.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Icinga Web 2
NVD GitHub
CVSS 4.0
1.1
EPSS
0.2%
CVE-2025-27405 HIGH PATCH This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Icinga Web 2 Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-27404 HIGH PATCH This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Icinga Web 2 Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2022-24716 HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
89.4%
CVE-2022-24715 HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
14.7%
CVE-2022-24714 MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Icinga Web 2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-24368 HIGH POC This Week

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Icinga Web 2 Debian Linux Package Hub
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2018-18250 HIGH POC This Week

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga Web 2
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-18249 CRITICAL POC Act Now

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Icinga Web 2
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18248 MEDIUM POC This Month

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18247 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-18246 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icinga Web 2
NVD
CVSS 3.0
6.5
EPSS
0.5%
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Icinga Web 2 Suse
NVD GitHub
EPSS 0% CVSS 1.1
LOW Monitor

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated low severity (CVSS 1.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Icinga Web 2
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Icinga Web 2 Suse
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Icinga Web 2 Suse
NVD GitHub
EPSS 89% CVSS 7.5
HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
EPSS 15% CVSS 8.8
HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Icinga Web 2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Icinga Web 2 Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icinga Web 2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icinga Web 2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy