Home

Description

Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL) allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database configuration, the mk_sap_hana agent plugin derives instance identifiers from the process list and uses them to build a command executed with elevated privileges (requires the plugin to run as root with RUNAS=agent).

PUBLISHED Reserved 2026-07-06 | Published 2026-07-14 | Updated 2026-07-14 | Assigner Checkmk




MEDIUM: 5.2CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

2.5.0 (semver) before 2.5.0p9
affected

2.4.0 (semver) before 2.4.0p34
affected

2.3.0 (semver) before 2.3.0p49
affected

2.2.0 (semver)
affected

References

checkmk.com/werk/20104 vendor-advisory

cve.org (CVE-2026-14852)

nvd.nist.gov (CVE-2026-14852)

Download JSON