Description
Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.
Published: 2026-04-10
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Livestatus command injection
Action: Upgrade
AI Analysis

Impact

A flaw in Checkmk’s notification test mode allows an authenticated user who can access the test page to insert crafted service descriptions that are interpreted as arbitrary Livestatus commands. The injected commands can then be executed against the monitoring system’s Livestatus interface, enabling the attacker to query, modify, or otherwise manipulate monitoring data in ways not intended by the configuration.

Affected Systems

Checkmk GmbH Checkmk installations running versions earlier than 2.5.0b4 in the 2.5 branch or earlier than 2.4.0p26 in the 2.4 branch are affected. Only deployments that use the legacy notification test feature are vulnerable; newer releases have addressed the issue.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. No EPSS value is provided, so the likelihood of exploitation remains uncertain. The vulnerability is not listed in CISA’s KEV catalog. Because the flaw requires an authenticated user with access to the notification test page, the most likely attack vector is an internal attacker or one who has gained valid credentials and sufficient privileges. This inference is based on the description and is not explicitly detailed in the provided data.

Generated by OpenCVE AI on April 10, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Checkmk to version 2.5.0b4 or later (or 2.4.0p26 for older series).
  • Restrict or disable access to the notification test page for users without privileged access.
  • Monitor system logs for unexpected Livestatus queries that could indicate injection attempts.

Generated by OpenCVE AI on April 10, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://checkmk.com/werk/17989 cve-icon cve-icon
History

Mon, 20 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p25:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.5.0:b3:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.
Title Potential livestatus injection in notification test
First Time appeared Checkmk
Checkmk checkmk
Weaknesses CWE-140
CPEs cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
Vendors & Products Checkmk
Checkmk checkmk
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Checkmk Checkmk
cve-icon MITRE

Status: PUBLISHED

Assigner: Checkmk

Published:

Updated: 2026-04-14T13:29:54.362Z

Reserved: 2026-03-20T10:30:13.353Z

Link: CVE-2026-33456

cve-icon Vulnrichment

Updated: 2026-04-10T12:47:46.627Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T09:16:24.493

Modified: 2026-04-20T17:10:06.623

Link: CVE-2026-33456

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T13:06:16Z

Weaknesses