EUVD-2026-13744
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3Description
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
Analysis
A mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin level, bypassing all role-based access controls. Checkmate versions 3.5.1 and prior are affected, an open-source self-hosted server monitoring tool from Bluewave Labs. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Checkmate deployments and identify instances running versions 3.5.1 or earlier; restrict network access to the application to only essential personnel. Within 7 days: Implement network segmentation to isolate Checkmate instances; enable detailed audit logging for all user profile modifications; audit current user accounts for unauthorized privilege escalation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today