CVE-2026-24096
Last modified
CVE-2026-24096 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Checkmk | Checkmk | 2.4.0 | — |
| Checkmk | Checkmk | 2.5.0 | B1 |
References
- https://checkmk.com/werk/18989Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-24096?
How severe is CVE-2026-24096?
How do I fix CVE-2026-24096?
Are you affected by CVE-2026-24096?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST