CVE-2026-33455

CVSS v4.0

5.3

Medium

AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-140

Related Identifiers

CVE-2026-33455

Affected Products

Checkmk

CVE-2026-33455

Weakness Enumeration

Related Identifiers

Affected Products

References · 3