📄 Icinga for Windows 1.13.3 Private Key Disclosure

This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...

📄 Icinga for Windows 1.13.3 Private Key Exposure

Icinga for Windows PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 install the certificate directory with insecure default permissions. The directory C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate is created with BUILTIN\Users:RX permissions,...

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...

CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

Icinga PowerShell Framework security vulnerabilities

Icinga PowerShell Framework is an open-source PowerShell module developed by Icinga. Versions prior to 1.13.4, 1.12.4, and 1.11.2 of the Icinga PowerShell Framework have security vulnerabilities. These vulnerabilities stem from improper permission settings for the certificate directory, which may...

Power-Response Path Traversal Vulnerability

Power-Response is a modular PowerShell framework for event response . A path traversal vulnerability exists in versions of Power-Response prior to 2019-02-02, which can be exploited by an attacker to access locations outside of a restricted directory...

Windows Zero-Day Emerges in Active Exploits

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover. Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw...