{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24095", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2026-01-21T14:39:24.127Z", "datePublished": "2026-02-09T15:29:16.780Z", "dateUpdated": "2026-02-09T15:54:18.156Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.4.0p21", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"status": "affected", "lessThan": "2.3.0p43", "version": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the \"Use WATO\" permission to access the \"Analyze configuration\" page by directly navigating to its URL, bypassing the intended \"Access analyze configuration\" permission check. If these users also have the \"Make changes, perform actions\" permission, they can perform unauthorized actions such as disabling checks or acknowledging results."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-02-09T15:29:16.780Z"}, "references": [{"url": "https://checkmk.com/werk/19032"}], "title": "Missing Permission Check on Analyze Configuration Page", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p21"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.0p43"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"}]}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:54:02.773145Z", "id": "CVE-2026-24095", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:54:18.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24095", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:54:02.773145Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:54:08.329Z"}}], "cna": {"title": "Missing Permission Check on Analyze Configuration Page", "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.4.0", "lessThan": "2.4.0p21", "versionType": "semver"}, {"status": "affected", "version": "2.3.0", "lessThan": "2.3.0p43", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/19032"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the \"Use WATO\" permission to access the \"Analyze configuration\" page by directly navigating to its URL, bypassing the intended \"Access analyze configuration\" permission check. If these users also have the \"Make changes, perform actions\" permission, they can perform unauthorized actions such as disabling checks or acknowledging results."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.4.0p21", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.3.0p43", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-02-09T15:29:16.780Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24095", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:54:18.156Z", "dateReserved": "2026-01-21T14:39:24.127Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2026-02-09T15:29:16.780Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the \"Use WATO\" permission to access the \"Analyze configuration\" page by directly navigating to its URL, bypassing the intended \"Access analyze configuration\" permission check. If these users also have the \"Make changes, perform actions\" permission, they can perform unauthorized actions such as disabling checks or acknowledging results."}, {"lang": "es", "value": "Aplicaci\u00f3n indebida de permisos en las versiones de Checkmk 2.4.0 anteriores a 2.4.0p21, 2.3.0 anteriores a 2.3.0p43, y 2.2.0 (Fin de vida \u00fatil) permite a los usuarios con el permiso 'Usar WATO' acceder a la p\u00e1gina 'Analizar configuraci\u00f3n' navegando directamente a su URL, eludiendo la verificaci\u00f3n del permiso prevista 'Acceder a analizar configuraci\u00f3n'. Si estos usuarios tambi\u00e9n tienen el permiso 'Realizar cambios, ejecutar acciones', pueden realizar acciones no autorizadas como deshabilitar verificaciones o confirmar resultados."}], "id": "CVE-2026-24095", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@checkmk.com", "type": "Secondary"}]}, "published": "2026-02-09T16:16:00.767", "references": [{"source": "security@checkmk.com", "url": "https://checkmk.com/werk/19032"}], "sourceIdentifier": "security@checkmk.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@checkmk.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.4.0,2.4.0p21)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.3.0,2.3.0p43)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.2.0"}}], "product": "checkmk", "vendor": "checkmk"}], "analysis": {"en": {"generated_at": "2026-04-18T13:04:44.819054+00:00", "value": {"mitigation_remediation": ["Upgrade to Checkmk version 2.4.0p21 or newer, 2.3.0p43 or newer, or any release where the permission check on \"Analyze configuration\" is corrected.", "Revoke or limit the \"Make changes, perform actions\" permission for users who only require the \"Use WATO\" privilege, ensuring that users cannot both access the page and modify configuration settings.", "Regularly consult Checkmk security advisories and apply updates promptly to mitigate future vulnerabilities."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Configuration Modification"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Checkmk (Checkmk GmbH:Checkmk) deployments running 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and the end\u2011of\u2011life 2.2.0 release. All affected versions allow elevated configuration changes through the Analyze configuration page once the minimal permission set is present.", "description_and_impact": "Checkmk versions prior to 2.4.0p21, 2.3.0p43, and 2.2.0 (EOL) lack a permission check on the \"Analyze configuration\" page. Users granted the \"Use WATO\" permission can access the page simply by navigating to its URL, bypassing the intended \"Access analyze configuration\" check. If those same users also possess the \"Make changes, perform actions\" permission, they can carry out unauthorized operations such as disabling checks or acknowledging results, thereby affecting the integrity of monitoring data.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate impact, and the EPSS score of less than 1% suggests exploitation is unlikely to be frequent in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires an attacker to have at least the \"Use WATO\" permission, which is common for configuration\u2010management roles, and optionally the \"Make changes, perform actions\" permission. Attackers who meet these criteria can simply request the page URL from a browser or curl, so the entry point is trivial for authenticated users with those permissions."}}}}, "created": "2026-02-10T11:35:31.300022+00:00", "updated": "2026-04-18T13:15:25.707234+00:00", "vendors": ["checkmk", "checkmk$PRODUCT$checkmk"]}