CVE-2026-24413 Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

CVE-2026-24413

CVE-2026-24413 involves the Icinga 2 Windows ACL issue where the folder at C:\ProgramData\icinga2\var could be readable by all local users, potentially exposing the private key and synced configuration. Affected range: Icinga 2 versions starting with 2.3.0 up to 2.13.14, 2.14.8, and 2.15.2 (these...