wid-sec-w-2026-0596  ·  Published 2026-03-04  ·  View on BSI CERT-Bund ↗

Checkmk: Vulnerability allows Denial of Service

CVSS 5.3 MEDIUM

Risk Summary

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

CVEs (1)

Affected Vendors

Checkmk

Affected Products (8)

Checkmk · Checkmk <2.5.0b1
Checkmk · Checkmk 2.5.0b1
Checkmk · Checkmk <2.6.0b1
Checkmk · Checkmk 2.6.0b1
Checkmk · Checkmk <2.3.0p43
Checkmk · Checkmk 2.3.0p43
Checkmk · Checkmk <2.4.0p23
Checkmk · Checkmk 2.4.0p23
