Description
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
Published: 2026-03-20
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
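The mass assignment pattern the advisory describes, shown as an added JavaScript example beside its allowlisting fix. This is illustrative code, not Checkmate's own; the field names and the privileged-field list are assumed for the example.

```javascript
// Added example (not Checkmate's code): a profile update that merges the whole
// request body versus one that copies only an allowlist of self-editable fields.
// Field names below are assumed for illustration; the real schema may differ.

// Fields a user may change on their own profile.
const SELF_EDITABLE_FIELDS = new Set(["firstName", "lastName", "email"]);

// Fields that must only change through an administrator-only path.
const PRIVILEGED_FIELDS = new Set(["role", "isSuperAdmin", "teamId"]);

// Vulnerable pattern: every key the client sends lands on the stored user,
// so a "role" key in the body silently overwrites the stored role.
function applyProfileUpdateUnsafe(user, body) {
  return { ...user, ...body };
}

// Hardened pattern: copy only allowlisted keys and return the rest so the
// caller can log attempts to set privileged fields (the page recommends
// logging role changes; this surfaces the attempt before any change happens).
function applyProfileUpdateSafe(user, body) {
  const update = {};
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (SELF_EDITABLE_FIELDS.has(key)) {
      update[key] = value;
    } else {
      rejected.push(key);
    }
  }
  const privilegedAttempts = rejected.filter((k) => PRIVILEGED_FIELDS.has(k));
  return { user: { ...user, ...update }, rejected, privilegedAttempts };
}

// Constructed sample input: a regular user's request that also carries a role.
const sampleUser = { id: "u-1", email: "user@example.test", role: "user" };
const sampleBody = { firstName: "Ada", role: "superadmin" };

// Returns the role each pattern ends up storing for the sample input.
function compareOutcomes() {
  return {
    unsafeRole: applyProfileUpdateUnsafe(sampleUser, sampleBody).role,
    safeRole: applyProfileUpdateSafe(sampleUser, sampleBody).user.role,
  };
}
```

The `privilegedAttempts` list is what an audit log line or alert should be built from, since a self-service profile request should never carry those keys.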
AI Analysis

Impact

A mass assignment flaw in Checkmate's user profile update endpoint lets any authenticated user overwrite their role field and promote themselves to superadmin. The effect is a complete privilege escalation that allows viewing all users, changing critical system configurations, and accessing sensitive data. This vulnerability aligns with weaknesses that enable bypassing role-based access controls.

Affected Systems

The flaw affects the open-source Checkmate monitoring tool from Bluewave Labs. Versions 3.5.1 and earlier are vulnerable; newer releases are not impacted. Only authenticated users with access to the application can exploit it.

Risk and Exploitability

The CVSS score of 8.1 categorizes it as high severity. The EPSS score is below 1%, indicating a low probability of widespread exploitation at present. Because it requires an authenticated user and there is no publicly available exploit, the current risk is moderate. Official remediation has not yet been released, so monitoring and stringent access control remain critical until a patch is applied.

Generated by OpenCVE AI on March 30, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Checkmate to a version newer than 3.5.1 once a patch becomes available.
  • If a new version is not immediately available, consider limiting network access to the application so only trusted hosts can reach it.
  • Review and audit the current role assignments to ensure no user has superadmin privileges when not required.
  • Enable logging of role changes and monitor logs for unauthorized updates.
  • Contact Bluewave Labs for news on an official fix and apply it as soon as it is released.

Generated by OpenCVE AI on March 30, 2026 at 15:25 UTC.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 14:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Bluewavelabs; Bluewavelabs checkmate
CPEs | | cpe:2.3:a:bluewavelabs:checkmate:*:*:*:*:*:*:*:*
Vendors & Products | | Bluewavelabs; Bluewavelabs checkmate

Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Bluewave-labs; Bluewave-labs checkmate
Vendors & Products | | Bluewave-labs; Bluewave-labs checkmate

Fri, 20 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
Title | | Mass Assignment Privilege Escalation in Checkmate
Weaknesses | | CWE-269; CWE-285
References | |
Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T21:27:29.683Z

Reserved: 2026-03-09T17:41:56.078Z

Link: CVE-2026-31836

Vulnrichment

Updated: 2026-03-20T21:27:22.786Z

NVD

Status : Analyzed

Published: 2026-03-20T18:16:13.540

Modified: 2026-03-30T14:35:01.507

Link: CVE-2026-31836

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T20:58:16Z

Weaknesses