ID:12807 - Exploit for Path traversal in Icinga Web 2 - CVE-2022-24716
Published: July 6, 2026
Icinga Web 2
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to path traversal in static library file requests when handling unauthenticated requests for library files. A remote attacker can request crafted file paths to disclose sensitive information.
Exposed files may include local system files accessible to the web-server user, including configuration files containing database credentials.