Skip to main content

Checkmk CVE-2026-24095

Missing Authorization (CWE-862)
2026-02-09 security@checkmk.com

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 09, 2026 - 16:16 nvd
N/A

DescriptionCVE.org

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

AnalysisAI

Improper permission enforcement in Checkmk versions 2.4.0 versions up to 2.4.0 is affected by missing authorization.

Technical ContextAI

This vulnerability (CWE-862: Missing Authorization) affects Improper permission enforcement in Checkmk versions 2.4.0. Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

Affected ProductsAI

Product: Improper permission enforcement in Checkmk versions 2.4.0. Versions: up to 2.4.0.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-24095 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy