216.73.216.36

CVE-2024-47091

· Published 13/05/2026 10:16 · Modified 13/05/2026 15:57

Labels: CVE-2024-47091 2026-05-13CVE-2024-47091CWE-427[email protected]

Essential information

Published
13/05/2026 10:16
Modified
13/05/2026 15:57
Author
Creator
CVSS
5.2 MEDIUM (v3) 5.2 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
checkmk / checkmk cpe:2.3:a:checkmk:checkmk:<2.4.0p29:*:*:*:*:*:*:*
checkmk / checkmk cpe:2.3:a:checkmk:checkmk:<2.3.0p47:*:*:*:*:*:*:*
checkmk / checkmk cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*

References