CVE-2026-30829

Name of the Vulnerable Software and Affected Versions Checkmate versions prior to 3.4.0

Description An unauthenticated information disclosure issue exists in the GET /api/v1/status-page/:url endpoint. The endpoint does not enforce authentication or verify if a status page is published before revealing complete status page details. This allows any unauthenticated user to access unpublished status pages and their internal data through direct API requests. The vulnerable parameter is url.

Recommendations Update to version 3.4.0 or later.