Primary

Context

Checkmk Livestatus Injection Vulnerability in Notification Test Mode

Vulnerability

A Livestatus injection vulnerability has been identified in Checkmk versions prior to 2.5.0b4 and 2.4.0p26. This vulnerability allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands by crafting a specific service description.

Impact

Exploitation of this vulnerability allows for unauthorized injection of Livestatus commands, which could potentially be used to manipulate or extract information from the monitoring system.

Remediation

Users can upgrade to Checkmk versions 2.6.0b1, 2.5.0b4, or 2.4.0p26 to address this vulnerability.

Added: Apr 10, 2026, 10:54 AM

Updated: Apr 10, 2026, 10:54 AM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.3

exploitability

5.2

remediation

0.0

relevance

5.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.3

exploitability

5.2

remediation

0.0

relevance

5.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Checkmk Livestatus Injection Vulnerability in Notification Test Mode

Vulnerability

Impact

Remediation

Affected Products

Checkmk

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating