CVE-2026-2859
6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Checkmk GmbH | Checkmk | 2.4.0 < 2.4.0p23 | affected |
| Checkmk GmbH | Checkmk | 2.3.0 < 2.3.0p43 | affected |
| Checkmk GmbH | Checkmk | 2.2.0 | affected |
Weaknesses
- CWE-204: CWE-204: Observable Response Discrepancy
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.