PT-2026-25169 · Checkmk Gmbh+3 · Checkmk
Michał Krawczyk
+1
·
Published
2026-03-13
·
Updated
2026-03-13
·
CVE-2026-2859
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.4.0 through 2.4.0p22
Checkmk versions 2.3.0 through 2.3.0p42
Checkmk version 2.2.0
Description
Improper permission enforcement allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in the
deploy agent API endpoint, potentially leading to information disclosure.Recommendations
Update Checkmk to version 2.4.0p23 or later.
Update Checkmk to version 2.3.0p43 or later.
Checkmk version 2.2.0 is end-of-life and should be upgraded to a supported version.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk