Livestatus Injection Vulnerability in Checkmk by Tribe29
CVE-2026-33456

5.1MEDIUM

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 10 April 2026

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2026-33456?

An authentication vulnerability exists in Checkmk that allows an authenticated user to execute arbitrary Livestatus commands through the notification test page. This flaw affects versions prior to 2.5.0b4 and 2.4.0p26, where improper input validation enables potential exploitation via a specially crafted service description.

Affected Version(s)

Checkmk 2.5.0 < 2.5.0b4

Checkmk 2.4.0 < 2.4.0p26

References

https://checkmk.com/werk/17989

vendor-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Mar 20, 2026

CVE-2026-33456 Data

JSON