CVE-2026-24095
Description
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Checkmk fails to enforce the 'Access analyze configuration' permission, allowing users with 'Use WATO' to access and potentially modify monitoring checks via direct URL.
The vulnerability lies in the improper permission enforcement of the 'Analyze configuration' page in Checkmk. The page only hid the menu link from users lacking the 'Access analyze configuration' permission, but did not perform a server-side permission check. Consequently, users with the 'Use WATO' permission could access the page by directly entering its URL, bypassing the intended access control [1].
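The pattern described above, as an added Python example that is not Checkmk's code: a menu that hides a link from users lacking a permission, beside one handler that trusts the hidden link and one that enforces the page-specific permission on every request. The permission names, the `User` class and the `direct_request` helper are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Set

# Hypothetical permission identifiers, named after the permissions the advisory describes.
USE_WATO = "wato.use"
ACCESS_ANALYZE = "wato.analyze_config"
MAKE_CHANGES = "wato.edit"

class PermissionDenied(Exception):
    pass

@dataclass
class User:
    name: str
    permissions: Set[str] = field(default_factory=set)

    def need(self, *perms: str) -> None:
        """Server-side check: raise unless every listed permission is held."""
        missing = [p for p in perms if p not in self.permissions]
        if missing:
            raise PermissionDenied(f"{self.name} lacks {missing}")

def render_menu(user: User) -> List[str]:
    """Hides the link without ACCESS_ANALYZE: a UI nicety, not an access control."""
    return ["hosts"] + (["analyze_config"] if ACCESS_ANALYZE in user.permissions else [])

def _perform(user: User, action: str) -> str:
    """Page actions; state-changing ones additionally need MAKE_CHANGES."""
    if action in ("acknowledge", "disable"):
        user.need(MAKE_CHANGES)
    return f"{action}:ok"

def analyze_config_vulnerable(user: User, action: str = "view") -> str:
    """Vulnerable pattern: trusts the hidden link, checks only the generic WATO permission."""
    user.need(USE_WATO)
    return _perform(user, action)

def analyze_config_fixed(user: User, action: str = "view") -> str:
    """Fixed pattern: the page-specific permission is enforced on every request."""
    user.need(USE_WATO, ACCESS_ANALYZE)
    return _perform(user, action)

def direct_request(handler: Callable, user: User, action: str = "view") -> str:
    """Simulate a user typing the page URL directly, bypassing the menu entirely."""
    try:
        return handler(user, action=action)
    except PermissionDenied:
        return "denied"
```

A user holding only the generic permission never sees the link in either version, but only the fixed handler refuses the direct request.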
Exploitation requires the attacker to have the 'Use WATO' permission, which is granted to default roles such as 'Normal monitoring user'. If the attacker also possesses the 'Make changes, perform actions' permission, they can perform unauthorized actions on the page, such as disabling monitoring checks or acknowledging check results. No additional authentication or network position is needed beyond having a valid account with these permissions [1].
The impact includes unauthorized access to configuration analysis and potential modification of monitoring checks, which could lead to loss of visibility into system health or false acknowledgments of issues. The vulnerability is rated CVSS 5.3 Medium, reflecting the need for authenticated access but the potential for low-level integrity and confidentiality impact [1].
Checkmk has addressed the issue in versions 2.4.0p21 and 2.3.0p43. Version 2.2.0 is end-of-life and will not receive a patch. Users are advised to upgrade to the latest patched versions and validate that all desired checks in 'Analyze configuration' are enabled and that no findings are unexpectedly acknowledged [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions: 0
No linked articles in our index yet.