VYPR
Medium severityNVD Advisory· Published Feb 9, 2026· Updated Apr 15, 2026

CVE-2026-24095

CVE-2026-24095

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Checkmk/Checkmkllm-fuzzy
    Range: 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, 2.2.0 (EOL)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.