Checkmk — Vulnerabilities & Security Advisories 91

All 91 CVE vulnerabilities found in Checkmk, with AI-generated Chinese analysis, references, and POCs.

Vendor: Tribe29

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33457 | Potential livestatus injection in prediction graph page | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2026-33456 | Potential livestatus injection in notification test | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2026-33455 | Livestatus injection in monitoring quicksearch | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2025-39666 | omd: Local privilege escalation when executing omd commands as root | CWE-426 | 7.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-3466 | Cross-site scripting in dashlet title | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-24096 | Insufficient permission validation on multiple REST API Quick Setup endpoints | CWE-280 | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-20915 | Stored cross-site scripting in Pending Changes sidebar | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-33276 | XSS in Unified Search via Unescaped Host/Service Names | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-64998 | Session hijacking via exposed session signing secret in distributed Checkmk setups | CWE-522 | 6.5 | - | 2026-03-24 |
| CVE-2026-2859 | Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint | CWE-204 | 5.3 | - | 2026-03-13 |
| CVE-2026-24097 | Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint | CWE-204 | 4.3 | - | 2026-03-13 |
| CVE-2026-3103 | Deletion of passwords via RestApi | CWE-863 | 7.1 (AI) | High (AI) | 2026-03-04 |
| CVE-2025-64999 | Cross-site scripting in HTML logs of Synthetic Monitoring test services | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-24095 | Missing Permission Check on Analyze Configuration Page | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-65000 | Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule | CWE-212 | 7.5 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-64997 | Insufficient permission validation when showing agent information | CWE-280 | 6.5 (AI) | Medium (AI) | 2025-12-18 |
| CVE-2025-58121 | Insufficient permission validation on multiple REST API endpoints | CWE-280 | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58122 | Insufficient permission validation when configuring notification parameters | CWE-280 | 8.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-64996 | Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output | CWE-732 | 7.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-39663 | Cross Site Scripting through compromised remote site | CWE-80 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-39664 | Path-Traversal in report scheduler | CWE-22 | 4.3 (AI) | Medium (AI) | 2025-10-09 |
| CVE-2025-32919 | Privilege Escalation in Windows License plugin for Checkmk Windows Agent | CWE-427 | 7.8 (AI) | High (AI) | 2025-10-09 |
| CVE-2025-32916 | Sensitive form data in URL query parameters | CWE-598 | 5.3 (AI) | Medium (AI) | 2025-10-09 |
| CVE-2025-32918 | Livestatus injection in autocomplete endpoint | CWE-140 | 8.8 | - | 2025-07-04 |
| CVE-2025-32915 | Sensitive data exposed during automatic agent updates | CWE-732 | 5.5 (AI) | Medium (AI) | 2025-05-22 |
| CVE-2025-1712 | Arbitrary file write with vcrtrace | CWE-88 | 6.5 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-32917 | Privilege escalation in jar_signature | CWE-427 | 7.8 (AI) | High (AI) | 2025-05-13 |
| CVE-2025-3506 | Potentially sensitive path exposed via unauthenticated http route | CWE-497 | 7.5 (AI) | High (AI) | 2025-05-08 |
| CVE-2025-2092 | Remote site authentication secrets written to web log | CWE-532 | 7.5 | - | 2025-04-22 |
| CVE-2024-38865 | Livestatus command injection in RestAPI | CWE-140 | 8.8 (AI) | High (AI) | 2025-04-10 |

All 91 known CVE vulnerabilities affecting Checkmk with full Chinese analysis, references, and POCs where available.