CVE-2026-24097

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.4.0 through 2.4.0p23 Checkmk versions 2.3.0 through 2.3.0p43 Checkmk version 2.2.0

Description Improper permission enforcement allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the /agent-receiver/register existing API endpoint, potentially leading to information disclosure.

Recommendations Checkmk versions 2.4.0 through 2.4.0p23 should be updated to version 2.4.0p23 or later. Checkmk versions 2.3.0 through 2.3.0p43 should be updated to version 2.3.0p43 or later. Checkmk version 2.2.0 is end-of-life and should be upgraded to a supported version.