Checkmk GmbH — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting Checkmk GmbH. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Checkmk GmbH develops IT infrastructure monitoring solutions, primarily serving enterprise environments to track system health and network performance. The software’s extensive attack surface has resulted in 75 recorded Common Vulnerabilities and Exposures (CVEs), reflecting its complex architecture and widespread deployment. Historically, these security flaws predominantly involve remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations in the web interface and agent components. While no single catastrophic data breach has defined the company’s public history, the high volume of CVEs indicates persistent challenges in securing legacy codebases and third-party dependencies. Regular patching is critical for administrators, as many disclosed issues allow unauthenticated attackers to gain significant control over monitored systems. The company continues to address these technical debt issues through iterative updates, though the sheer number of past vulnerabilities remains a notable risk factor for organizations relying on its monitoring infrastructure.

Top products by Checkmk GmbH: Checkmk, Checkmk Appliance

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33457 | Potential livestatus injection in prediction graph page | Checkmk | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2026-33456 | Potential livestatus injection in notification test | Checkmk | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2026-33455 | Livestatus injection in monitoring quicksearch | Checkmk | CWE-140 | 8.8 | - | 2026-04-10 |
| CVE-2025-39666 | omd: Local privilege escalation when executing omd commands as root | Checkmk | CWE-426 | 7.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-3466 | Cross-site scripting in dashlet title | Checkmk | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-24096 | Insufficient permission validation on multiple REST API Quick Setup endpoints | Checkmk | CWE-280 | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-20915 | Stored cross-site scripting in Pending Changes sidebar | Checkmk | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-33276 | XSS in Unified Search via Unescaped Host/Service Names | Checkmk | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2025-64998 | Session hijacking via exposed session signing secret in distributed Checkmk setups | Checkmk | CWE-522 | 6.5 | - | 2026-03-24 |
| CVE-2026-2859 | Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint | Checkmk | CWE-204 | 5.3 | - | 2026-03-13 |
| CVE-2026-24097 | Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint | Checkmk | CWE-204 | 4.3 | - | 2026-03-13 |
| CVE-2026-3103 | Deletion of passwords via RestApi | Checkmk | CWE-863 | 7.1 (AI) | High (AI) | 2026-03-04 |
| CVE-2025-64999 | Cross-site scripting in HTML logs of Synthetic Monitoring test services | Checkmk | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-24095 | Missing Permission Check on Analyze Configuration Page | Checkmk | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-65000 | Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule | Checkmk | CWE-212 | 7.5 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-64997 | Insufficient permission validation when showing agent information | Checkmk | CWE-280 | 6.5 (AI) | Medium (AI) | 2025-12-18 |
| CVE-2025-58121 | Insufficient permission validation on multiple REST API endpoints | Checkmk | CWE-280 | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58122 | Insufficient permission validation when configuring notification parameters | Checkmk | CWE-280 | 8.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-64996 | Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output | Checkmk | CWE-732 | 7.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-39663 | Cross Site Scripting through compromised remote site | Checkmk | CWE-80 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-39664 | Path-Traversal in report scheduler | Checkmk | CWE-22 | 4.3 (AI) | Medium (AI) | 2025-10-09 |
| CVE-2025-32919 | Privilege Escalation in Windows License plugin for Checkmk Windows Agent | Checkmk | CWE-427 | 7.8 (AI) | High (AI) | 2025-10-09 |
| CVE-2025-32916 | Sensitive form data in URL query parameters | Checkmk | CWE-598 | 5.3 (AI) | Medium (AI) | 2025-10-09 |
| CVE-2025-32918 | Livestatus injection in autocomplete endpoint | Checkmk | CWE-140 | 8.8 | - | 2025-07-04 |
| CVE-2025-32915 | Sensitive data exposed during automatic agent updates | Checkmk | CWE-732 | 5.5 (AI) | Medium (AI) | 2025-05-22 |
| CVE-2025-1712 | Arbitrary file write with vcrtrace | Checkmk | CWE-88 | 6.5 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-32917 | Privilege escalation in jar_signature | Checkmk | CWE-427 | 7.8 (AI) | High (AI) | 2025-05-13 |
| CVE-2025-3506 | Potentially sensitive path exposed via unauthenticated http route | Checkmk | CWE-497 | 7.5 (AI) | High (AI) | 2025-05-08 |
| CVE-2025-2092 | Remote site authentication secrets written to web log | Checkmk | CWE-532 | 7.5 | - | 2025-04-22 |
| CVE-2024-38865 | Livestatus command injection in RestAPI | Checkmk | CWE-140 | 8.8 (AI) | High (AI) | 2025-04-10 |

This page lists every published CVE security advisory associated with Checkmk GmbH. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.