CVE-2026-24095 – Missing Permission Check on Analyze Configuration Page

CVE ID : CVE-2026-24095

Published : Feb. 9, 2026, 4:16 p.m. | 1 hour, 3 minutes ago

Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the “Use WATO” permission to access the “Analyze configuration” page by directly navigating to its URL, bypassing the intended “Access analyze configuration” permission check. If these users also have the “Make changes, perform actions” permission, they can perform unauthorized actions such as disabling checks or acknowledging results.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…