Vulnerability in Checkmk Gmbh
CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.
EPSS: 0.000 (14.9th percentile) — read the EPSS interpretation.
Affected products
- Checkmk Gmbh — versions 2.5.0, 2.4.0
Weakness classification (CWE)
References
- checkmk.com/werk/17989 (vendor-advisory)