Impact
Checkmk 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and all releases of the end-of-life 2.2.0 line lack a permission check on the "Analyze configuration" page. Users granted the "Use WATO" permission can open the page simply by navigating to its URL, bypassing the intended "Access analyze configuration" check. If those same users also hold the "Make changes, perform actions" permission, they can carry out unauthorized operations such as disabling checks or acknowledging results, affecting the integrity of monitoring data.
Affected Systems
The vulnerability affects Checkmk (vendor: Checkmk GmbH, product: Checkmk) deployments running 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and any release of the end-of-life 2.2.0 line, for which no fixed patch level exists. All affected versions allow elevated configuration changes through the Analyze configuration page once the minimal permission set described above is present.
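A small triage helper for the version ranges above, added here as an example and not code from Checkmk or the advisory. It assumes Checkmk's usual version string form (`MAJOR.MINOR.MICRO` with an optional `pN` patch suffix); the site inventory at the bottom is constructed sample data.

```python
import re
from typing import List, Optional, Tuple

# First fixed patch level per affected line, taken from the advisory.
# None means the line is EOL and every patch level stays affected.
FIXED_PATCH: dict = {
    (2, 4, 0): 21,    # fixed in 2.4.0p21
    (2, 3, 0): 43,    # fixed in 2.3.0p43
    (2, 2, 0): None,  # 2.2.0 is EOL: no fix, all patch levels affected
}

# Assumed version format: "2.4.0" or "2.4.0p21". Other suffixes are rejected
# rather than guessed at, so a typo never silently reads as "not affected".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")


def parse_version(version: str) -> Tuple[Tuple[int, int, int], int]:
    """Parse '2.4.0p21' into ((2, 4, 0), 21); a bare '2.4.0' is patch level 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version string: {version!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro)), int(patch or 0)


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    base, patch = parse_version(version)
    if base not in FIXED_PATCH:
        return False  # line not named in the advisory; out of scope here
    fixed: Optional[int] = FIXED_PATCH[base]
    if fixed is None:
        return True   # EOL line, never fixed
    return patch < fixed


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (site, version) pairs that still need the patch."""
    return [(site, v) for site, v in inventory if is_affected(v)]


# Constructed sample inventory; site names and versions are not real hosts.
SAMPLE_INVENTORY = [
    ("monitoring-a", "2.4.0p20"),
    ("monitoring-b", "2.4.0p21"),
    ("monitoring-c", "2.3.0p43"),
    ("monitoring-d", "2.2.0p38"),
    ("monitoring-e", "2.5.0"),
]

if __name__ == "__main__":
    for site, v in triage(SAMPLE_INVENTORY):
        print(f"{site}: {v} is affected, upgrade required")
```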
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate impact, and the EPSS score of less than 1% suggests exploitation is unlikely to be frequent in the wild. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires an attacker to already hold at least the "Use WATO" permission, which is common for configuration-management roles, and, for the unauthorized actions described above, the "Make changes, perform actions" permission as well. Authenticated users with those permissions need only request the page URL from a browser or curl, so the entry point is trivial once the permission prerequisite is met; the missing check on the server side, not any client-side trick, is the defect.
OpenCVE Enrichment