CVE-2024-47091
Published: May 13, 2026
Modified: May 13, 2026
PUBLISHED
Description
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
| Vendor | Product | Versions |
|---|---|---|
| Checkmk GmbH | Checkmk | affected 2.4.0 - < 2.4.0p29; affected 2.3.0 - < 2.3.0p47; affected 2.2.0 |
Weaknesses (CWE)
References
https://checkmk.com/werk/19198
vendor-advisory