CVE-2026-33457
Published: Apr 10, 2026
Modified: Apr 14, 2026
PUBLISHED
Description
Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.
| Vendor | Product | Versions |
|---|---|---|
| Checkmk GmbH | Checkmk | affected 2.5.0 - < 2.5.0b4; affected 2.4.0 - < 2.4.0p26; affected 2.3.0 - < 2.3.0p47 |
Weaknesses (CWE)
References
https://checkmk.com/werk/17990
vendor-advisory