Auth bypass in Checkmk Gmbh
CVE-2026-24095
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, byp…
Vulnerability class: Broken Access Control
EPSS: 0.002 (13.7th percentile) — read the EPSS interpretation.
Affected products
- Checkmk Gmbh — versions 2.4.0, 2.3.0, 2.2.0