Description
Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.
Published: 2026-04-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command injection
Action: Patch
AI Analysis

Impact

Checkmk Quicksearch allows a user to submit a search query that is processed by filter plugins. Because the input is not adequately sanitized, an authenticated user can embed Livestatus commands inside the query. This injection lets the attacker execute arbitrary Livestatus requests, potentially changing monitoring state, retrieving sensitive data, or escalating privileges within the monitoring system.

Affected Systems

The flaw exists in Checkmk released by Checkmk GmbH, specifically in versions older than 2.5.0b4. The Quicksearch component of the web interface is the affected area.

Risk and Exploitability

The base CVSS score of 5.3 indicates a moderate severity. EPSS information is not available and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to be authenticated to the Checkmk web interface, after which a crafted query can inject Livestatus commands. No special privileges or preconditions beyond authentication are required, making the attack vector relatively straightforward for authorized users.

Generated by OpenCVE AI on April 10, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure Checkmk is updated to version 2.5.0b4 or later.
  • If an upgrade is not immediately possible, restrict access to the monitoring interface so that only trusted and vetted personnel can use the Quicksearch feature.
  • Monitor web interface logs for unusual Livestatus command patterns that may indicate an attempt to exploit the injection point.

Generated by OpenCVE AI on April 10, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://checkmk.com/werk/17988 cve-icon cve-icon
History

Fri, 10 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.
Title Livestatus injection in monitoring quicksearch
First Time appeared Checkmk
Checkmk checkmk
Weaknesses CWE-140
CPEs cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
Vendors & Products Checkmk
Checkmk checkmk
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Checkmk Checkmk
cve-icon MITRE

Status: PUBLISHED

Assigner: Checkmk

Published:

Updated: 2026-04-10T12:48:27.066Z

Reserved: 2026-03-20T10:30:13.352Z

Link: CVE-2026-33455

cve-icon Vulnrichment

Updated: 2026-04-10T12:48:23.351Z

cve-icon NVD

Status : Received

Published: 2026-04-10T09:16:23.447

Modified: 2026-04-10T09:16:23.447

Link: CVE-2026-33455

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T14:40:54Z

Weaknesses