Auth bypass in Checkmk GmbH

CVE-2026-24095

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, byp…

Vulnerability class: Broken Access Control

EPSS: 0.002 (13.7th percentile)

Affected products

Weakness classification (CWE)

References