wid-sec-w-2026-0606 · Published 2026-03-04 · View on BSI CERT-Bund ↗

Checkmk: Multiple Vulnerabilities allow Offenlegung from Informationen

CVSS 6.3 MEDIUM

Risk Summary

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.

CVEs (2)

CVE-2026-24097 CVE-2026-2859

Affected Vendors

Checkmk

Affected Products (8)

Checkmk · Checkmk <2.3.0p43

Checkmk · Checkmk 2.3.0p43

Checkmk · Checkmk <2.4.0p23

Checkmk · Checkmk 2.4.0p23

Checkmk · Checkmk <2.5.0b1

Checkmk · Checkmk 2.5.0b1

Checkmk · Checkmk <2.6.0b1

Checkmk · Checkmk 2.6.0b1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more