修复版本
2.5.0b4
2.4.0p26
CVE-2026-33456 describes a Livestatus injection vulnerability discovered in Checkmk. This flaw allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description, potentially leading to unauthorized access and system compromise. The vulnerability affects Checkmk versions 2.4.0 through 2.5.0b4, and a fix is available in version 2.5.0b4.
Successful exploitation of CVE-2026-33456 could allow an attacker to execute arbitrary Livestatus commands on the Checkmk server. Livestatus is a protocol used for monitoring system resources, and injecting commands could enable an attacker to gather sensitive information, disrupt monitoring processes, or even gain further access to the underlying system. The impact is amplified if the Checkmk server has access to critical infrastructure or sensitive data. While authentication is required, a compromised user account could be leveraged to exploit this vulnerability, potentially leading to a significant security breach.
CVE-2026-33456 was publicly disclosed on 2026-04-10. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation, but given the potential for command execution, it is likely to be assessed as medium or high. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations using Checkmk for system monitoring, particularly those with legacy configurations or shared hosting environments, are at risk. Environments where user accounts with access to the notification test page have elevated privileges are especially vulnerable.
• linux / server:
journalctl -u checkmk -g 'livestatus injection'• linux / server:
ps aux | grep 'livestatus' | grep -v grep• linux / server:
find /opt/check_mk/ -name '*service_description*' -print0 | xargs -0 grep -i 'malicious_command'disclosure
漏洞利用状态
EPSS
0.05% (16% 百分位)
CISA SSVC
The primary mitigation for CVE-2026-33456 is to upgrade Checkmk to version 2.5.0b4 or later, which contains the fix. If immediate upgrade is not possible, restrict access to the notification test page to only authorized personnel. Review service descriptions for any unusual or suspicious content. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious Livestatus commands. After upgrading, confirm the vulnerability is resolved by attempting to inject a benign Livestatus command via the notification test page and verifying that it is not executed.
Actualice Checkmk a la versión 2.5.0b4 o superior para mitigar la vulnerabilidad de inyección de Livestatus. Esta actualización corrige la forma en que se manejan las descripciones de los servicios, evitando la inyección de comandos arbitrarios. Asegúrese de revisar las notas de la versión para obtener instrucciones de actualización específicas.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-33456 is a vulnerability in Checkmk versions 2.4.0–2.5.0b4 that allows authenticated users to inject arbitrary Livestatus commands via the notification test page, potentially leading to system compromise.
You are affected if you are running Checkmk versions 2.4.0 through 2.5.0b4 and have users with access to the notification test page.
Upgrade Checkmk to version 2.5.0b4 or later to resolve the vulnerability. Restrict access to the notification test page as an interim measure.
As of the current date, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-33456.
Refer to the official Checkmk security advisory for detailed information and updates regarding CVE-2026-33456.