CVE-2026-24095 – Missing Permission Check on Analyze Configuration Page

CVE ID : CVE-2026-24095

Published : Feb. 9, 2026, 4:16 p.m. | 1 hour, 3 minutes ago

Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the “Use WATO” permission to access the “Analyze configuration” page by directly navigating to its URL, bypassing the intended “Access analyze configuration” permission check. If these users also have the “Make changes, perform actions” permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66630 – Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

CVE-2026-2242 – janet-lang janet specials.c janetc_if out-of-bounds

CVE-2026-21419 – Dell Display and Peripheral Manager Link Following Vulnerability

CVE-2026-2240 – janet-lang janet compile.c janetc_pop_funcdef out-of-bounds