18 matches found
PT-2026-31899
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.5.0b4 and prior to 2.4.0p26 Description: A flaw exists in Checkmk that allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands through a crafted service...
CVE-2025-39666
CVE-2025-39666 affects Checkmk in multiple versions: 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 beta before 2.5.0b3. A site user can escalate to root by manipulating files in the site context that are processed when the omd command is run by root. This yields a local pri...
PT-2026-30816
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description: Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...
CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2023-31210
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
CVE-2025-65000
SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...
CVE-2025-39665
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames...
Linux Distros Unpatched Vulnerability : CVE-2025-58122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, whic...
UBUNTU-CVE-2025-58121
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...
EUVD-2025-12296
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-22359
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. CVE-2023-22359 Note that Nessus relies on the presence of the...
CVE-2024-6747
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 EOL allows attacker to get potentially sensitive data...
CVE-2024-47094
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p22, 2.2.0p37, 2.1.0p50 EOL causes remote site secrets to be written to web log files accessible to local site users...
CVE-2023-31211
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials...
CVE-2025-3506
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and...
UBUNTU-CVE-2025-1075
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p27, 2.2.0p40, and 2.1.0p51 EOL causes LDAP credentials to be written to Apache error log file accessible to administrators...
CVE-2024-6572 Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem'
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 EOL allows man-in-the-middle attackers to intercept traffic...
PT-2022-21905 · Debian +1
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6 through 1.6.9p29; Checkmk versions 2.0 through 2.0.0p26; Checkmk versions 2.1 through 2.1.0p3; Checkmk version 2.2.0i1 Description: A permission issue affects users that deployed the shipped version of the Checkmk Debian...