PT-2026-31898 · Checkmk · Checkmk
Published: 2026-04-10 · Updated: 2026-04-12 · CVE-2026-33455
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.5.0b4
Description
A flaw in the monitoring quicksearch functionality of Checkmk allows an authenticated attacker to inject Livestatus commands through the search query. The cause is insufficient input sanitization within the search filter plugins.
Recommendations
Update to version 2.5.0b4 or later.
Affected Products
Checkmk