CVE-2026-24414Incorrect Default Permissions in Icinga-powershell-framework

CWE-276Incorrect Default Permissions2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 99.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Icinga Icinga-powershell-frameworkIcinga Powershell Framework
Timeline
PublishedJan 29

Description

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory grant every user read access, which results in the exposure of private key of the Icinga certificate for the given host. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrading to a fixed ver

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDicinga/icinga_powershell_framework1.12.01.12.4+2

🔴Vulnerability Details

1
CVEList
Icinga for Windows certificate can have too-open permissions2026-01-29
CVE-2026-24414 — Incorrect Default Permissions | cvebase