CVE-2026-24095 – Missing Permission Check on Analyze Configuration Page

CVE ID : CVE-2026-24095

Published : Feb. 9, 2026, 4:16 p.m. | 1 hour, 3 minutes ago

Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the “Use WATO” permission to access the “Analyze configuration” page by directly navigating to its URL, bypassing the intended “Access analyze configuration” permission check. If these users also have the “Make changes, perform actions” permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25498 – Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

CVE-2026-25497 – Craft has a GraphQL Asset Mutation Privilege Escalation

CVE-2026-25496 – Craft has a stored XSS in Number Prefix & Suffix Fields

CVE-2026-25495 – Craft has a SQL Injection in Element Indexes via criteria[orderBy]