CVE-2026-24095

216.73.216.226

· Published 09/02/2026 16:16 · Modified 09/02/2026 21:55

Labels: CVE-2026-24095 2026-02-09 CVE-2026-24095 CWE-862 [email protected]

Essential information

Published: 09/02/2026 16:16
Modified: 09/02/2026 21:55
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
checkmk / checkmk	`cpe:2.3:a:checkmk:checkmk:2.4.0-2.4.0p21:::::::*`
checkmk / checkmk	`cpe:2.3:a:checkmk:checkmk:2.3.0-2.3.0p43:::::::*`
checkmk / checkmk	`cpe:2.3:a:checkmk:checkmk:2.2.0:::::::*`