Path traversal in Icinga Web 2 - CVE-2021-32746
Published: July 12, 2021 / Updated: July 6, 2026
Icinga Web 2
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to path traversal in the doc module image route when handling crafted requests for documentation images. A remote user can send a specially crafted request to disclose sensitive information.
The vulnerable functionality is only exposed when the doc module is enabled and the user has explicit permission to access it.