CVE-2026-24095
Published: 2026-02-09
Priority: P4 · 33 · Severity: medium · CVSS 4.0 base score: 5.3
EPSS: 0.23% (13.7th percentile)
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk_gmbh | checkmk | — | — |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0p43 | 2.3.0p43 |
| checkmk_gmbh | checkmk | >= 2.4.0 < 2.4.0p21 | 2.4.0p21 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 5.3 | MEDIUM | — |
OSV record: CVE-2026-24095 · published 2026-02-09 · CVSS 5.3 (MEDIUM)
GHSA record: GHSA-2wv3-wwxg-29gh (unreviewed) · published 2026-02-09 · CVE-2026-24095 · MEDIUM · CWE-862
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.