Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 13, 2026

Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint

CVE-2026-24097

Description

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_existing endpoint, which could lead to information disclosure.

Affected products

Checkmk/Checkmkv5
Range: 2.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

checkmk.com/werk/18993mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000