Skip to main content

Checkmk CVE-2026-33455

| EUVD-2026-21342 MEDIUM
Improper Neutralization of Delimiters (CWE-140)
2026-04-10 Checkmk GHSA-p2v5-ghx9-jg75
Code Injection
5.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
2.5.0b4
EUVD ID Assigned
Apr 10, 2026 - 08:45 euvd
EUVD-2026-21342
Analysis Generated
Apr 10, 2026 - 08:45 vuln.today
CVE Published
Apr 10, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionNVD

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

AnalysisAI

Livestatus injection in Checkmk's monitoring quicksearch function allows authenticated attackers to inject arbitrary livestatus commands through insufficiently sanitized search query parameters in versions prior to 2.5.0b4. The vulnerability requires valid authentication credentials and enables low-impact information disclosure and limited integrity/availability changes within the monitoring system. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-33455 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy