What is the CVSS score of CVE-2026-31836?

CVE-2026-31836 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Checkmate are affected by CVE-2026-31836?

A critical privilege escalation vulnerability in Checkmate server monitoring tool allows any authenticated user to gain superadmin access, potentially compromising all monitored infrastructure and…

How to fix or mitigate CVE-2026-31836?

Within 24 hours: Inventory all Checkmate deployments and identify instances running versions 3.5.1 or earlier; restrict network access to the application to only essential personnel. Within 7 days: Implement network segmentation to isolate Checkmate instances; enable detailed audit logging for all user profile modifications; audit current user accounts for unauthorized privilege escalation. Within 30 days: Evaluate migration to an alternative monitoring solution or engage Bluewave Labs for a hotfix; establish a security review process for self-hosted tools with authentication mechanisms.

Checkmate CVE-2026-31836

EUVD-2026-13744 HIGH

Improper Authorization (CWE-285)

2026-03-20 GitHub_M

Authentication Bypass Checkmate

8.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 20, 2026 - 18:00 euvd

EUVD-2026-13744

Analysis Generated

Mar 20, 2026 - 18:00 vuln.today

CVE Published

Mar 20, 2026 - 17:50 nvd

HIGH 8.1

DescriptionGitHub Advisory

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.

AnalysisAI

A mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin level, bypassing all role-based access controls. Checkmate versions 3.5.1 and prior are affected, an open-source self-hosted server monitoring tool from Bluewave Labs. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as low-privilege user

Delivery

Send crafted profile update request

Exploit

Inject role parameter in mass assignment

Execution

Escalate privileges to superadmin

Impact

Access all sensitive data and configurations