Vulnerability-Lookup

WID-SEC-W-2026-0260

Vulnerability from csaf_certbund - Published: 2026-01-29 23:00 - Updated: 2026-02-01 23:00

Summary

Icinga: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Icinga ist ein Monitoring System.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Icinga ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - Windows

CVE-2026-24413

Affected products

Known affected 4 products

Product	Identifier	Version
Open Source Icinga <2.15.2 Open Source / Icinga		<2.15.2
Open Source Icinga <2.13.14 Open Source / Icinga		<2.13.14
Open Source Icinga <2.14.8 Open Source / Icinga		<2.14.8
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—

CVE-2026-24414

Affected products

Known affected 4 products

Product	Identifier	Version
Open Source Icinga <1.13.4 Open Source / Icinga		<1.13.4
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Icinga <1.12.4 Open Source / Icinga		<1.12.4
Open Source Icinga <1.11.2 Open Source / Icinga		<1.11.2

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://icinga.com/blog/releasing-icinga-2-v2-15-…	external
https://github.com/Icinga/icinga2/security/adviso…	external
https://github.com/Icinga/icinga-powershell-frame…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Icinga ist ein Monitoring System.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Icinga ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0260 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0260.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0260 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0260"
      },
      {
        "category": "external",
        "summary": "Icinga Security Announcement vom 2026-01-29",
        "url": "https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2/"
      },
      {
        "category": "external",
        "summary": "Icinga GitHub vom 2026-01-29",
        "url": "https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr"
      },
      {
        "category": "external",
        "summary": "Icinga GitHub vom 2026-01-29",
        "url": "https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10113-1 vom 2026-01-31",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQ5PNVB647WE3TWZVPPUBXDB2WBN6GPZ/"
      }
    ],
    "source_lang": "en-US",
    "title": "Icinga: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2026-02-01T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-02T08:50:30.131+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0260",
      "initial_release_date": "2026-01-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-01T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.11.2",
                "product": {
                  "name": "Open Source Icinga \u003c1.11.2",
                  "product_id": "T050434"
                }
              },
              {
                "category": "product_version",
                "name": "1.11.2",
                "product": {
                  "name": "Open Source Icinga 1.11.2",
                  "product_id": "T050434-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:1.11.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.12.4",
                "product": {
                  "name": "Open Source Icinga \u003c1.12.4",
                  "product_id": "T050435"
                }
              },
              {
                "category": "product_version",
                "name": "1.12.4",
                "product": {
                  "name": "Open Source Icinga 1.12.4",
                  "product_id": "T050435-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:1.12.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.13.4",
                "product": {
                  "name": "Open Source Icinga \u003c1.13.4",
                  "product_id": "T050436"
                }
              },
              {
                "category": "product_version",
                "name": "1.13.4",
                "product": {
                  "name": "Open Source Icinga 1.13.4",
                  "product_id": "T050436-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:1.13.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.15.2",
                "product": {
                  "name": "Open Source Icinga \u003c2.15.2",
                  "product_id": "T050437"
                }
              },
              {
                "category": "product_version",
                "name": "2.15.2",
                "product": {
                  "name": "Open Source Icinga 2.15.2",
                  "product_id": "T050437-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:2.15.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.14.8",
                "product": {
                  "name": "Open Source Icinga \u003c2.14.8",
                  "product_id": "T050438"
                }
              },
              {
                "category": "product_version",
                "name": "2.14.8",
                "product": {
                  "name": "Open Source Icinga 2.14.8",
                  "product_id": "T050438-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:2.14.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.13.14",
                "product": {
                  "name": "Open Source Icinga \u003c2.13.14",
                  "product_id": "T050439"
                }
              },
              {
                "category": "product_version",
                "name": "2.13.14",
                "product": {
                  "name": "Open Source Icinga 2.13.14",
                  "product_id": "T050439-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icinga:icinga:2.13.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Icinga"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-24413",
      "product_status": {
        "known_affected": [
          "T050437",
          "T050439",
          "T050438",
          "T027843"
        ]
      },
      "release_date": "2026-01-29T23:00:00.000+00:00",
      "title": "CVE-2026-24413"
    },
    {
      "cve": "CVE-2026-24414",
      "product_status": {
        "known_affected": [
          "T050436",
          "T027843",
          "T050435",
          "T050434"
        ]
      },
      "release_date": "2026-01-29T23:00:00.000+00:00",
      "title": "CVE-2026-24414"
    }
  ]
}

CVE-2026-24413 (GCVE-0-2026-24413)

Vulnerability from cvelistv5 – Published: 2026-01-29 17:21 – Updated: 2026-01-29 21:23

Title

Icinga has insecure permission of %ProgramData%\icinga2\var on Windows

Summary

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its contents - including the private key of the user and synced configuration - being readable by all local users. All installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2 contains a fix. There are two possibilities to work around the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13.4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for the Icinga 2 agent as well. Alternatively, manually update the ACL for the given folder `C:\ProgramData\icinga2\var` (and `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` to fix the issue for the Icinga for Windows as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access.

Severity

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/Icinga/icinga2/security/adviso…	x_refsource_CONFIRM
https://github.com/Icinga/icinga-powershell-frame…	x_refsource_MISC
https://icinga.com/blog/releasing-icinga-2-v2-15-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Icinga	icinga2	Affected: >= 2.3.0, < 2.13.14 Affected: >= 2.14.0, < 2.14.8 Affected: >= 2.15.0, < 2.15.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T21:23:06.715208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T21:23:20.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "icinga2",
          "vendor": "Icinga",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.13.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.14.0, \u003c 2.14.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.15.0, \u003c 2.15.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\\icinga2\\var` folder on Windows. This resulted in the its contents - including the private key of the user and synced configuration - being readable by all local users. All installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2 contains a fix. There are two possibilities to work around the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13.4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for the Icinga 2 agent as well. Alternatively, manually update the ACL for the given folder `C:\\ProgramData\\icinga2\\var` (and `C:\\Program Files\\WindowsPowerShell\\modules\\icinga-powershell-framework\\certificate` to fix the issue for the Icinga for Windows as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T17:21:01.438Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr"
        },
        {
          "name": "https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973"
        },
        {
          "name": "https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2"
        }
      ],
      "source": {
        "advisory": "GHSA-vfjg-6fpv-4mmr",
        "discovery": "UNKNOWN"
      },
      "title": "Icinga has insecure permission of %ProgramData%\\icinga2\\var on Windows"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24413",
    "datePublished": "2026-01-29T17:21:01.438Z",
    "dateReserved": "2026-01-22T18:19:49.174Z",
    "dateUpdated": "2026-01-29T21:23:20.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24414 (GCVE-0-2026-24414)

Vulnerability from cvelistv5 – Published: 2026-01-29 17:35 – Updated: 2026-01-29 21:17

Title

Icinga for Windows certificate can have too-open permissions

Summary

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory grant every user read access, which results in the exposure of private key of the Icinga certificate for the given host. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrading to a fixed version of Icinga for Windows will also automatically fix a similar issue present in Icinga 2, CVE-2026-24413. As a workaround, the permissions can be restricted manually by updating the ACL for the given folder `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` (and `C:\ProgramData\icinga2\var` to fix the issue for the Icinga 2 agent as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access.

Severity

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/Icinga/icinga-powershell-frame…	x_refsource_CONFIRM
https://github.com/Icinga/icinga2/security/adviso…	x_refsource_MISC
https://icinga.com/blog/releasing-icinga-2-v2-15-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Icinga	icinga-powershell-framework	Affected: < 1.11.2 Affected: >= 1.12.0, < 1.12.4 Affected: >= 1.13.0, < 1.13.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T21:17:00.639401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T21:17:16.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "icinga-powershell-framework",
          "vendor": "Icinga",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.12.0, \u003c 1.12.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.13.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory grant every user read access, which results in the exposure of private key of the Icinga certificate for the given host. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrading to a fixed version of Icinga for Windows will also automatically fix a similar issue present in Icinga 2, CVE-2026-24413. As a workaround, the permissions can be restricted manually by updating the ACL for the given folder `C:\\Program Files\\WindowsPowerShell\\modules\\icinga-powershell-framework\\certificate` (and `C:\\ProgramData\\icinga2\\var` to fix the issue for the Icinga 2 agent as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T17:35:43.323Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm6-5973"
        },
        {
          "name": "https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr"
        },
        {
          "name": "https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2"
        }
      ],
      "source": {
        "advisory": "GHSA-88h5-rrm6-5973",
        "discovery": "UNKNOWN"
      },
      "title": "Icinga for Windows certificate can have too-open permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24414",
    "datePublished": "2026-01-29T17:35:43.323Z",
    "dateReserved": "2026-01-22T18:19:49.174Z",
    "dateUpdated": "2026-01-29T21:17:16.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0260

CVE-2026-24413 (GCVE-0-2026-24413)

CVE-2026-24414 (GCVE-0-2026-24414)

Tags

Sightings

Nomenclature