PT-2026-26654 · Checkmate · Checkmate

Theamanrawat · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-31836

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Checkmate versions prior to 3.5.1

Description

Checkmate is a self-hosted tool for tracking server hardware, uptime, response times, and incidents. A mass assignment issue in the user profile update endpoint lets an authenticated user modify their user role and escalate privileges to superadmin, bypassing role-based access controls. With that role the attacker gains complete administrative access, including viewing all users, modifying configurations, and accessing sensitive data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
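The mass assignment pattern described above, next to an allow-list form that keeps the role out of the profile update path. This is an added example, not Checkmate's code: the field names, the function names and the sample data are assumptions made for illustration.

```javascript
// Added example: field names, roles and function names are assumptions,
// not taken from Checkmate's code base.
const EDITABLE_PROFILE_FIELDS = new Set(["firstName", "lastName", "avatarUrl"]);
const PRIVILEGED_FIELDS = new Set(["role", "roles", "isAdmin", "teamId"]);

// Vulnerable pattern: every client-supplied key is copied onto the record,
// so a "role" key in the request body overwrites the stored role.
function updateProfileUnsafe(user, body) {
  return Object.assign({}, user, body);
}

// Hardened pattern: copy only allow-listed string fields; everything else is
// reported so the handler can reject the request and log the attempt.
function updateProfileSafe(user, body) {
  const updated = { ...user };
  const rejected = [];
  for (const [key, value] of Object.entries(body ?? {})) {
    const allowed = EDITABLE_PROFILE_FIELDS.has(key) &&
      typeof value === "string" && value.length <= 256;
    if (allowed) {
      updated[key] = value;
    } else {
      rejected.push(key);
    }
  }
  // A privileged key in a profile update is worth an alert, not just a drop.
  const suspicious = rejected.some((k) => PRIVILEGED_FIELDS.has(k));
  return { updated, rejected, suspicious };
}

// Role changes live on a separate path that authorizes the caller.
function changeRole(actor, target, newRole) {
  if (actor.role !== "superadmin") {
    throw new Error("forbidden: only superadmin may change roles");
  }
  return { ...target, role: newRole };
}

// Constructed sample data for the check below.
const sampleUser = { id: "u1", firstName: "Ana", role: "user" };
const sampleBody = { firstName: "Ana M.", role: "superadmin" };
console.log(updateProfileSafe(sampleUser, sampleBody));
```
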

Exploit

LPE

Improper Authorization

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2026-31836
GHSA-6368-X7WR-WPM2

Affected Products

Checkmate