Checkmk Improper Permission Enforcement Vulnerability Allowing Host Enumeration

Vulnerability

A vulnerability exists in Checkmk versions 2.4.0 prior to 2.4.0p23, 2.3.0 prior to 2.3.0p43, and 2.2.0 (EOL) due to improper permission enforcement. This issue allows authenticated users to enumerate existing hosts by analyzing different HTTP response codes returned by the agent-receiver/register_existing endpoint. The vulnerability could lead to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in unauthorized host enumeration, allowing users to gather information about existing hosts that they may not have permission to access.

Remediation

Users can upgrade to Checkmk versions 2.4.0p23 or 2.3.0p43 to address this vulnerability. Instructions for upgrading can be found in the Checkmk documentation.
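To check which sites still need the upgrade, the version ranges above can be applied to an inventory of version strings. This is an added example, not code from Checkmk or from the original advisory. The version-string shape (branch, optional b/i/p level, optional daily-build date, optional three-letter edition suffix), the function names and the sample inventory are assumptions or constructed for illustration.

```python
import re

# Fixed releases stated in the advisory, keyed by release branch.
FIXED_PATCH = {"2.4.0": 23, "2.3.0": 43}
# Branch the advisory lists as affected and end-of-life (no fixed release named).
EOL_AFFECTED = {"2.2.0"}

# Assumed shape: <branch>[b|i|p<N>][-YYYY.MM.DD][.<edition>], e.g. "2.3.0p12.cee".
_VERSION = re.compile(
    r"^(\d+\.\d+\.\d+)(?:([bip])(\d+))?(-\d{4}\.\d{2}\.\d{2})?(?:\.[a-z]{3})?$"
)


def triage(version: str) -> str:
    """Classify one Checkmk version string against the advisory's ranges."""
    tokens = version.split()
    # Accept either a bare version or a line ending in one (e.g. tool output).
    m = _VERSION.match(tokens[-1]) if tokens else None
    if not m:
        return "unparsed"
    branch, kind, num, daily = m.groups()
    if branch in EOL_AFFECTED:
        return "affected-eol"
    if branch not in FIXED_PATCH:
        return "not-listed"  # the advisory makes no statement about this branch
    if daily:
        return "check-manually"  # a build date cannot be mapped to a patch level
    # A plain "2.4.0" counts as p0. Beta/innovation builds are treated as
    # older than every patch release (assumption, not stated in the advisory).
    patch = int(num) if kind == "p" else 0
    return "fixed" if patch >= FIXED_PATCH[branch] else "affected"


def triage_inventory(sites: dict[str, str]) -> dict[str, str]:
    """Map site name -> triage result for a whole inventory."""
    return {site: triage(v) for site, v in sites.items()}


if __name__ == "__main__":
    # Constructed sample inventory (site name -> reported version).
    sample = {
        "prod": "2.3.0p42.cee",
        "lab": "2.4.0p23.cre",
        "legacy": "2.2.0p30",
        "nightly": "2.4.0-2026.01.15.cee",
    }
    for site, status in triage_inventory(sample).items():
        print(f"{site}: {status}")
```

Sites reported as affected-eol have no fixed release named in the advisory, and check-manually results need the build compared against the fix by hand.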

Added: Mar 13, 2026, 7:58 PM
Updated: Mar 13, 2026, 7:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.