← Voltar para CVEs
CVE-2026-24095
N/ADescricao
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/9/2026
Ultima modificacao2/9/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-862
Referencias
https://checkmk.com/werk/19032(security@checkmk.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.