Checkmk CVE-2026-24095
Lifecycle Timeline
2DescriptionCVE.org
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
AnalysisAI
Improper permission enforcement in Checkmk versions 2.4.0 versions up to 2.4.0 is affected by missing authorization.
Technical ContextAI
This vulnerability (CWE-862: Missing Authorization) affects Improper permission enforcement in Checkmk versions 2.4.0. Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Affected ProductsAI
Product: Improper permission enforcement in Checkmk versions 2.4.0. Versions: up to 2.4.0.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today