Vulnerability in Checkmk Gmbh
CVE-2026-33455
Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.
EPSS: 0.001 (15.9th percentile) — read the EPSS interpretation.
Affected products
- Checkmk Gmbh — versions 2.5.0
Weakness classification (CWE)
References
- checkmk.com/werk/17988 (vendor-advisory)