UBUNTU-CVE-2026-24413
- Source
- https://ubuntu.com/security/CVE-2026-24413
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-24413.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-24413
- Upstream
- Published
- 2026-01-29T18:16:00Z
- Modified
- 2026-02-04T17:38:38Z
- Severity
-
- 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the
%ProgramData%\icinga2\varfolder on Windows. This resulted in the its contents - including the private key of the user and synced configuration - being readable by all local users. All installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2 contains a fix. There are two possibilities to work around the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13.4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for the Icinga 2 agent as well. Alternatively, manually update the ACL for the given folderC:\ProgramData\icinga2\var(andC:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificateto fix the issue for the Icinga for Windows as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access. - References
-
- https://ubuntu.com/security/CVE-2026-24413
- https://www.cve.org/CVERecord?id=CVE-2026-24413
- https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973
- https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr
- https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2
Affected packages
Ubuntu:16.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.4.1-2ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-classicui",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "icinga2-studio",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "libicinga2",
"binary_version": "2.4.1-2ubuntu1"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.4.1-2ubuntu1"
}
]
}Ubuntu:18.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.8.1-0ubuntu2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-classicui",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "icinga2-studio",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "libicinga2",
"binary_version": "2.8.1-0ubuntu2"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.8.1-0ubuntu2"
}
]
}Ubuntu:20.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.11.2-1ubuntu3?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.11.2-1ubuntu3"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.11.2-1ubuntu3"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.11.2-1ubuntu3"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.11.2-1ubuntu3"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.11.2-1ubuntu3"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.11.2-1ubuntu3"
}
]
}Ubuntu:22.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.13.2-1build2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.13.2-1build2"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.13.2-1build2"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.13.2-1build2"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.13.2-1build2"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.13.2-1build2"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.13.2-1build2"
}
]
}Ubuntu:24.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.14.2-1build2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.14.2-1build2"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.14.2-1build2"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.14.2-1build2"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.14.2-1build2"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.14.2-1build2"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.14.2-1build2"
}
]
}Ubuntu:25.10
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2@2.15.0-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "icinga2",
"binary_version": "2.15.0-1"
},
{
"binary_name": "icinga2-bin",
"binary_version": "2.15.0-1"
},
{
"binary_name": "icinga2-common",
"binary_version": "2.15.0-1"
},
{
"binary_name": "icinga2-ido-mysql",
"binary_version": "2.15.0-1"
},
{
"binary_name": "icinga2-ido-pgsql",
"binary_version": "2.15.0-1"
},
{
"binary_name": "vim-icinga2",
"binary_version": "2.15.0-1"
}
]
}