wid-sec-w-2026-0820 · Published 2026-03-22 · View on BSI CERT-Bund ↗

Checkmk: Vulnerability allows Umgehen from Sicherheitsvorkehrungen

CVSS 5.3 MEDIUM

Risk Summary

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information

CVEs (1)

CVE-2026-24096

Affected Vendors

Checkmk

Affected Products (6)

Checkmk · Checkmk <2.6.0b1

Checkmk · Checkmk 2.6.0b1

Checkmk · Checkmk <2.5.0b1

Checkmk · Checkmk 2.5.0b1

Checkmk · Checkmk <2.4.0p25

Checkmk · Checkmk 2.4.0p25

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more