High severity7.8NVD Advisory· Published Jul 4, 2024· Updated Apr 15, 2026

CVE-2024-39934

Description

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment.

Patches

b4b6659cb107

https://github.com/elabit/robotmkvia osv

78c1174ab2df

https://github.com/elabit/robotmkvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

checkmk.com/werk/16434nvd
github.com/elabit/robotmk/commit/78c1174ab2df43813050d0c22e1efb8636f8715envd
github.com/elabit/robotmk/compare/v2.0.0...v2.0.1nvd
github.com/elabit/robotmk/releases/tag/v2.0.1nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000