Platform
linux
Component
checkmk
Fixed in
2.5.0b4
2.4.0p26
CVE-2026-33456 describes a Livestatus injection vulnerability discovered in Checkmk. This flaw allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description, potentially leading to unauthorized access and system compromise. The vulnerability affects Checkmk versions 2.4.0 through 2.5.0b4, and a fix is available in version 2.5.0b4.
Successful exploitation of CVE-2026-33456 could allow an attacker to execute arbitrary Livestatus commands on the Checkmk server. Livestatus is a protocol used for monitoring system resources, and injecting commands could enable an attacker to gather sensitive information, disrupt monitoring processes, or even gain further access to the underlying system. The impact is amplified if the Checkmk server has access to critical infrastructure or sensitive data. While authentication is required, a compromised user account could be leveraged to exploit this vulnerability, potentially leading to a significant security breach.
CVE-2026-33456 was publicly disclosed on 2026-04-10. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation, but given the potential for command execution, it is likely to be assessed as medium or high. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Exploit Status
EPSS
0.05% (16% percentile)
CISA SSVC
The primary mitigation for CVE-2026-33456 is to upgrade Checkmk to version 2.5.0b4 or later, which contains the fix. If immediate upgrade is not possible, restrict access to the notification test page to only authorized personnel. Review service descriptions for any unusual or suspicious content. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious Livestatus commands. After upgrading, confirm the vulnerability is resolved by attempting to inject a benign Livestatus command via the notification test page and verifying that it is not executed.
Update Checkmk to version 2.5.0b4 or later to mitigate the Livestatus injection vulnerability. This update corrects how service descriptions are handled, preventing the injection of arbitrary commands. Ensure you review the release notes for specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33456 is a vulnerability in Checkmk versions 2.4.0–2.5.0b4 that allows authenticated users to inject arbitrary Livestatus commands via the notification test page, potentially leading to system compromise.
You are affected if you are running Checkmk versions 2.4.0 through 2.5.0b4 and have users with access to the notification test page.
Upgrade Checkmk to version 2.5.0b4 or later to resolve the vulnerability. Restrict access to the notification test page as an interim measure.
As of the current date, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-33456.
Refer to the official Checkmk security advisory for detailed information and updates regarding CVE-2026-33456.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.