PT-2026-31900 · Checkmk · Checkmk
Published
2026-04-10
·
Updated
2026-04-12
·
CVE-2026-33457
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.5.0b4, prior to 2.4.0p26, and prior to 2.3.0p47
Description
A flaw exists in Checkmk that allows an authenticated user to inject arbitrary Livestatus commands. This occurs through insufficient sanitization of the service description value in the prediction graph page. The injection is possible via a crafted service name parameter.
Recommendations
Update Checkmk to version 2.5.0b4 or later.
Update Checkmk to version 2.4.0p26 or later.
Update Checkmk to version 2.3.0p47 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk