We fixed two security vulnerabilities related to the web interface. They were related to the cross-site request forgery attack and the clickjacking attack. Both are used to induce users to perform actions that they do not intend to perform by hiding the NetEye web interface under some eye-catching pages or with some malicious links sent for example by email.
More information on how the vulnerabilities work can be found here:
Furthermore, we fixed a bug related to the users SSO in the ITOA module. When the users belonged to teams of different organizations, the teams were not correctly assigned.
For NetEye 4.17 we updated the following packages:
httpd-neteye-config and httpd-neteye-config-autosetup to version 1.9.1-1
icingaweb2-module-analytics and icingaweb2-module-analytics-autosetup to version 1.38.1-1
Important: Lampo security update Type/Severity NetEye Product Security has rated this update as having a medium security impact. Topic An update for the lampod packages is now available for NetEye 4. Security Fix for NetEye 4.46 1.1.3-1 Summary The vulnerability is about sensitive Read More
Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a Medium security impact. Topic An update for the Kibana package is now available for NetEye 4. Security Fix for NetEye 4.46 9.2.6_neteye3.90.8-1 CVEs CVE-2026-26934CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26935CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-26936CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2026-26937CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Read More
Error during generation of SLA reports We have fixed a bug that was causing an error during the generation of SLA reports. List of updated packages To solve the issue mentioned above, the following packages have been updated for NetEye Read More
Fix NagVis navigation using IcingaDB Web URLs When clicking on a host or service from a NagVis map, you were redirected to the legacy Monitoring module. The links have been updated to correctly point to the IcingaDB Web module. List Read More
Fixing Misplaced Plugin Output in Icinga Web Interface When plugin output contained HTML content (like links), it was incorrectly displayed near the service name instead of in the Plugin Output section. The plugin output section now correctly renders all content. Read More
