CVE-2026-24097 | THREATINT

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_existing endpoint, which could lead to information disclosure.

PUBLISHED Reserved 2026-01-21 | Published 2026-03-13 | Updated 2026-03-13 | Assigner Checkmk

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-204: Observable Response Discrepancy

Product status

Default status

unaffected

2.4.0 (semver) before 2.4.0p23

affected

2.3.0 (semver) before 2.3.0p43

affected

2.2.0 (semver)

affected

References

checkmk.com/werk/18993

cve.org (CVE-2026-24097)

nvd.nist.gov (CVE-2026-24097)

Download JSON