PT-2026-29510 · Checkmk · Checkmk

Published

2026-04-01

Updated

2026-04-02

CVE-2026-24096

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.4.0 through 2.4.0p25 and 2.5.0 through 2.5.0b2

Description Insufficient permission validation exists on multiple REST API Quick Setup endpoints. This allows low-privileged users to perform unauthorized actions or obtain sensitive information.

Recommendations Update to version 2.4.0p26 or later. Update to version 2.5.0b2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-280

Related Identifiers

CVE-2026-24096

Affected Products

Checkmk

PT-2026-29510 · Checkmk · Checkmk

CVE-2026-24096

Weakness Enumeration

Related Identifiers

Affected Products

References · 7