Platform
linux
Component
checkmk
Fixed in
2.5.0b4
2.4.0p26
2.3.0p47
CVE-2026-33457 describes a Livestatus injection vulnerability discovered in Checkmk. This flaw allows an authenticated user to inject arbitrary Livestatus commands, potentially leading to unauthorized access and system compromise. The vulnerability affects Checkmk versions 2.3.0 through 2.5.0b4, as well as specific point releases (2.4.0p26 and 2.3.0p47). A fix is available in version 2.5.0b4.
Successful exploitation of CVE-2026-33457 allows an authenticated user to execute arbitrary Livestatus commands within the Checkmk environment. Livestatus is a protocol used for monitoring system resources, and injecting commands could allow an attacker to extract sensitive information, disrupt monitoring processes, or potentially gain further access to the underlying system. The impact is amplified if the Checkmk instance is used to monitor critical infrastructure, as compromised monitoring data could lead to incorrect operational decisions. This vulnerability is particularly concerning because it leverages an authenticated context, meaning an attacker needs valid credentials to exploit it, but once inside, the potential for damage is significant.
CVE-2026-33457 was publicly disclosed on 2026-04-10. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation, but the potential for remote code execution via Livestatus injection suggests a potential medium to high probability of exploitation if a suitable PoC is developed and widely adopted.
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
The primary mitigation for CVE-2026-33457 is to upgrade Checkmk to version 2.5.0b4 or later. If immediate upgrading is not feasible, consider restricting access to the prediction graph page to trusted users only. Implement strict input validation on the service description field to prevent malicious commands from being injected. While not a direct fix, configuring a Web Application Firewall (WAF) to filter out suspicious Livestatus commands can provide an additional layer of defense. Monitor Checkmk logs for unusual Livestatus command executions.
Update Checkmk to version 2.5.0b4, 2.4.0p26, or 2.3.0p47 or later to mitigate the vulnerability. The update corrects the inadequate sanitization of the service description, preventing Livestatus command injection.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-33457 is a vulnerability in Checkmk versions 2.3.0–2.5.0b4 that allows authenticated users to inject arbitrary Livestatus commands via a crafted service name parameter.
You are affected if you are running Checkmk versions 2.3.0, 2.4.0p26, 2.5.0b4 or earlier. Checkmk 2.5.0b4 and later versions contain a fix.
Upgrade Checkmk to version 2.5.0b4 or later. As a temporary workaround, restrict access to the prediction graph page and implement strict input validation.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention.
Please refer to the official Checkmk security advisory for detailed information and updates: [https://example.com/checkmk-security-advisory](https://example.com/checkmk-security-advisory) (replace with actual advisory URL)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.