CVE-2026-24096

Summary

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.5.0b1 < 2.5.0b2affected
Checkmk GmbHCheckmk2.4.0 < 2.4.0p25affected

Weaknesses

  • CWE-280: CWE-280: Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References