CVE-2026-33457: Livestatus Injection in Checkmk
Platform
linux
Component
checkmk
Fixed in
2.5.0b4
2.4.0p26
2.3.0p47
CVE-2026-33457 describes a Livestatus injection vulnerability discovered in Checkmk. This flaw allows an authenticated user to inject arbitrary Livestatus commands, potentially leading to unauthorized access and system compromise. The vulnerability affects Checkmk versions 2.3.0 through 2.5.0b4, as well as specific point releases (2.4.0p26 and 2.3.0p47). A fix is available in version 2.5.0b4.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-33457 allows an authenticated user to execute arbitrary Livestatus commands within the Checkmk environment. Livestatus is a protocol used for monitoring system resources, and injecting commands could allow an attacker to extract sensitive information, disrupt monitoring processes, or potentially gain further access to the underlying system. The impact is amplified if the Checkmk instance is used to monitor critical infrastructure, as compromised monitoring data could lead to incorrect operational decisions. This vulnerability is particularly concerning because it leverages an authenticated context, meaning an attacker needs valid credentials to exploit it, but once inside, the potential for damage is significant.
Exploitation Context
CVE-2026-33457 was publicly disclosed on 2026-04-10. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation, but the potential for remote code execution via Livestatus injection suggests a potential medium to high probability of exploitation if a suitable PoC is developed and widely adopted.
Threat Intelligence
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-33457 is to upgrade Checkmk to version 2.5.0b4 or later. If immediate upgrading is not feasible, consider restricting access to the prediction graph page to trusted users only. Implement strict input validation on the service description field to prevent malicious commands from being injected. While not a direct fix, configuring a Web Application Firewall (WAF) to filter out suspicious Livestatus commands can provide an additional layer of defense. Monitor Checkmk logs for unusual Livestatus command executions.
How to fix
Update Checkmk to version 2.5.0b4, 2.4.0p26, or 2.3.0p47 or later to mitigate the vulnerability. The update corrects the inadequate sanitization of the service description, preventing Livestatus command injection.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2026-33457 — Livestatus Injection in Checkmk?
CVE-2026-33457 is a vulnerability in Checkmk versions 2.3.0–2.5.0b4 that allows authenticated users to inject arbitrary Livestatus commands via a crafted service name parameter.
Am I affected by CVE-2026-33457 in Checkmk?
You are affected if you are running Checkmk versions 2.3.0, 2.4.0p26, 2.5.0b4 or earlier. Checkmk 2.5.0b4 and later versions contain a fix.
How do I fix CVE-2026-33457 in Checkmk?
Upgrade Checkmk to version 2.5.0b4 or later. As a temporary workaround, restrict access to the prediction graph page and implement strict input validation.
Is CVE-2026-33457 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention.
Where can I find the official Checkmk advisory for CVE-2026-33457?
Please refer to the official Checkmk security advisory for detailed information and updates: [https://example.com/checkmk-security-advisory](https://example.com/checkmk-security-advisory) (replace with actual advisory URL)
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.