Potential livestatus injection in prediction graph page


Platform

linux

Component

checkmk

Fixed versions

2.5.0b4

2.4.0p26

2.3.0p47

AI Confidence: high | NVD | EPSS 0.0% | Reviewed: May 2026

CVE-2026-33457 is a Livestatus injection vulnerability in the prediction graph page of Checkmk. The page does not properly sanitize the service description before using it in a Livestatus query, so an authenticated user can append additional Livestatus headers or commands to the query the GUI sends to the monitoring core. Affected are Checkmk 2.3.0 releases before 2.3.0p47, 2.4.0 releases before 2.4.0p26, and 2.5.0 beta releases before 2.5.0b4; the fixed releases are 2.3.0p47, 2.4.0p26 and 2.5.0b4 respectively.

Impact and Attack Scenarios

Successful exploitation allows an authenticated user to have arbitrary Livestatus commands executed by the Checkmk monitoring core. Livestatus is the line-oriented query interface the Checkmk GUI uses to read host and service status from the monitoring core and to pass it external commands. Because the injected text lands inside a query the GUI issues on the user's behalf, an attacker could read monitoring data beyond what their account is permitted to see, tamper with or disrupt the monitoring state, and use the information gathered to plan further attacks on the monitored systems. The impact is amplified where Checkmk monitors critical infrastructure, since falsified or suppressed monitoring data leads to wrong operational decisions. Exploitation requires valid credentials, which limits exposure to users who already have GUI access, but the page documents no privilege requirement beyond authentication, so any GUI account is sufficient.

Exploitation Context

CVE-2026-33457 was publicly disclosed on 2026-04-10. No public proof-of-concept (PoC) code had been released at the time of writing, and the vulnerability is not listed in the CISA KEV catalog. Its EPSS score is 0.05% (14th percentile), a low predicted probability of exploitation in the near term. The technical bar is low, however: exploitation needs only an authenticated GUI session and a crafted request parameter, so the likelihood of exploitation would rise quickly if a PoC were published and picked up by attackers.

Who Is at Risk

Organizations that rely on Checkmk to monitor critical infrastructure are particularly at risk, because falsified monitoring data feeds directly into operational decisions. Exposure is higher for shared or multi-tenant Checkmk instances, for instances with many low-privileged GUI accounts, and for instances with weak authentication practices (shared or reused passwords, no second factor), since any authenticated user can reach the vulnerable page. The flaw lies in the prediction graph page itself, so every site running an affected version is vulnerable regardless of its configuration.

Detection Steps

• linux / server (list the installed Checkmk versions; a site is affected if its version is below the fixed release of its branch):

omd versions

• linux / server (search the site's web access log for prediction graph requests carrying URL-encoded line breaks; Livestatus is line-oriented, so an injected header or command needs a new line; the log path assumes a standard OMD site):

grep 'prediction_graph.py' /omd/sites/<site>/var/log/apache/access_log | grep -Ei '%0a|%0d'

• generic web (confirm the page is not reachable without authentication; the expected result is a redirect to the login page, not a 200):

curl -sI 'https://checkmk_server/<site>/check_mk/prediction_graph.py' | head -n 1
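The log check above can be automated. The script below is an added example, not code from this page or from Checkmk: it parses Apache combined-format access log lines, keeps requests to the prediction graph page, and flags any query parameter whose decoded value contains a carriage return or line feed, because Livestatus is line-oriented and an injected header or command has to start on a new line. The sample log lines are constructed for the example; the site name `mysite` and the parameter names `host`, `service` and `dsname` are assumptions, not confirmed from the page (which mentions only a service description parameter), so adapt the page name and parameters to what your own logs show.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
# Site name "mysite" and parameter names host/service/dsname are assumptions.
SAMPLE_LOG = """\
10.0.0.5 - cmkadmin [10/Apr/2026:09:12:01 +0000] "GET /mysite/check_mk/prediction_graph.py?host=web01&service=CPU%20load&dsname=load15 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - auditor [10/Apr/2026:09:13:44 +0000] "GET /mysite/check_mk/prediction_graph.py?host=web01&service=CPU%20load%0AFilter%3A%20host_name%20~%20.%0A&dsname=load15 HTTP/1.1" 200 7300 "-" "curl/8.5.0"
10.0.0.9 - auditor [10/Apr/2026:09:14:02 +0000] "GET /mysite/check_mk/view.py?view_name=allhosts HTTP/1.1" 200 9100 "-" "curl/8.5.0"
10.0.0.7 - ops [10/Apr/2026:09:15:30 +0000] "GET /mysite/check_mk/prediction_graph.py?host=db01&service=Memory&dsname=mem_used%0D%0ACOMMAND%20%5B0%5D%20DISABLE_NOTIFICATIONS HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

# client - user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Livestatus separates headers (Filter:, Columns:, COMMAND ...) with newlines,
# so a value must carry CR or LF to escape the field it was meant to fill.
CONTROL_CHARS = re.compile(r"[\r\n]")
LIVESTATUS_KEYWORDS = re.compile(
    r"^(Filter|Columns|Stats|Or|And|Negate|AuthUser|ColumnHeaders|"
    r"OutputFormat|KeepAlive|COMMAND)\b",
    re.M,
)


def find_suspicious_requests(log_text: str, page: str = "prediction_graph.py") -> list[dict]:
    """Return one finding per request parameter that contains a raw line break."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + page):
            continue
        # parse_qsl percent-decodes, so %0A/%0D become the real newlines the GUI
        # would have forwarded into the Livestatus query string.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if not CONTROL_CHARS.search(value):
                continue
            # Everything after the first line break is what the attacker appended.
            injected = [part for part in CONTROL_CHARS.split(value)[1:] if part]
            hits.append({
                "user": m.group("user"),
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "param": key,
                "injected": injected,
                # True when an appended line starts with a Livestatus header keyword.
                "livestatus_keyword": bool(LIVESTATUS_KEYWORDS.search("\n".join(injected))),
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Run it against a real file with `find_suspicious_requests(open(path).read())`. A hit with `livestatus_keyword` set is a strong indicator; a bare control character in a parameter still deserves a look, because an affected GUI would have forwarded it into the query unchanged.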

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: no
Reports: 1 threat report

EPSS

0.05% (14th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical impact: total

Affected Software

Component: checkmk
Vendor: Checkmk GmbH

Affected range                     Fixed version
2.5.0 series before 2.5.0b4        2.5.0b4
2.4.0 series before 2.4.0p26       2.4.0p26
2.3.0 series before 2.3.0p47       2.3.0p47

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and Workarounds

The primary mitigation for CVE-2026-33457 is to upgrade to the fixed release of your Checkmk branch: 2.5.0b4, 2.4.0p26 or 2.3.0p47 (or later); the fix sanitizes the service description before it is used in the Livestatus query. If an immediate upgrade is not feasible, reduce exposure instead: limit GUI accounts to trusted users, review who can reach the prediction graph page, and enforce strong authentication so that a leaked low-privilege credential does not become a Livestatus injection primitive. A reverse proxy or Web Application Firewall (WAF) in front of the site can reject requests to the prediction graph page whose query string contains URL-encoded line breaks (%0A, %0D), since Livestatus is line-oriented and an injection needs a new line to add a header or command; this is a stopgap, not a fix. Monitor the site's web access logs for such requests.
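To make the bug class and the fix concrete, here is an added illustration, not Checkmk's own code: the Livestatus query shape and the `host`/`service` parameters are assumptions about how a page like the prediction graph might build its query. A builder that interpolates the service description straight into the query sits next to a hardened version that rejects any value containing a control character. Livestatus has no quoting mechanism, so whoever controls a newline controls the next header; the constructed malicious value appends a catch-all filter and an `Or: 3` header, which ORs the three preceding filters and turns a query scoped to one host and one service into one that matches every service.

```python
# Constructed malicious service description: the first line break ends the
# legitimate Filter: line, the appended lines become headers of their own.
SAMPLE_MALICIOUS_SERVICE = "CPU load\nFilter: host_name ~ .\nOr: 3"


def build_query_vulnerable(host: str, service: str) -> str:
    """Mirrors the bug class: user input interpolated into a line-oriented query."""
    return (
        "GET services\n"
        f"Filter: host_name = {host}\n"
        f"Filter: description = {service}\n"
        "Columns: state plugin_output\n"
    )


class LivestatusInjection(ValueError):
    """Raised when a value could start a new Livestatus header line."""


def is_safe_value(value: str) -> bool:
    # Livestatus cannot quote or escape; any ASCII control character (CR, LF, tab,
    # NUL ...) is refused outright. Non-ASCII text such as umlauts is fine.
    return all(ord(c) >= 0x20 and c != "\x7f" for c in value)


def lq_value(value: str) -> str:
    """Return the value unchanged if it is safe to place on a Livestatus line."""
    if not is_safe_value(value):
        raise LivestatusInjection(f"control character in Livestatus value: {value!r}")
    return value


def build_query_hardened(host: str, service: str) -> str:
    """Same query, but every user-controlled value is validated first."""
    return (
        "GET services\n"
        f"Filter: host_name = {lq_value(host)}\n"
        f"Filter: description = {lq_value(service)}\n"
        "Columns: state plugin_output\n"
    )


def header_names(query: str) -> list[str]:
    """Header keywords the Livestatus server would see, in order (line 1 is the GET)."""
    return [line.split(":", 1)[0] for line in query.splitlines()[1:] if line]


if __name__ == "__main__":
    print(build_query_vulnerable("web01", SAMPLE_MALICIOUS_SERVICE))
    print(header_names(build_query_vulnerable("web01", SAMPLE_MALICIOUS_SERVICE)))
    try:
        build_query_hardened("web01", SAMPLE_MALICIOUS_SERVICE)
    except LivestatusInjection as exc:
        print("rejected:", exc)
```

Rejecting rather than stripping is deliberate: silently removing the newline would keep the request working while hiding an attack attempt, whereas an exception produces a log entry and a visible error. The same check belongs on every user-controlled value that reaches a query, not only on the service description.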

Remediation

Upgrade Checkmk to version 2.5.0b4, 2.4.0p26 or 2.3.0p47 (or later) to remediate the vulnerability. The update corrects the missing sanitization of the service description, preventing the injection of Livestatus commands.


Frequently Asked Questions

What is CVE-2026-33457 — Livestatus Injection in Checkmk?

CVE-2026-33457 is a vulnerability in Checkmk 2.3.0, 2.4.0 and 2.5.0 (beta) releases before 2.3.0p47, 2.4.0p26 and 2.5.0b4 respectively. It allows authenticated users to inject arbitrary Livestatus commands through a crafted service name parameter on the prediction graph page.

Am I affected by CVE-2026-33457 in Checkmk?

You are affected if you run a 2.3.0 release older than 2.3.0p47, a 2.4.0 release older than 2.4.0p26, or a 2.5.0 beta older than 2.5.0b4. Checkmk 2.3.0p47, 2.4.0p26 and 2.5.0b4 (and later releases in each branch) contain the fix.

How do I fix CVE-2026-33457 in Checkmk?

Upgrade to the fixed release for your branch: 2.3.0p47, 2.4.0p26 or 2.5.0b4 (or later). As a temporary workaround, restrict who can log in to the GUI and, at a reverse proxy or WAF, block requests to the prediction graph page whose query string contains URL-encoded line breaks (%0A, %0D).

Is CVE-2026-33457 being actively exploited?

There are currently no confirmed reports of active exploitation: the vulnerability is not in the CISA KEV catalog and its EPSS score is low (0.05%). Because exploitation needs only an authenticated session and a crafted request, it still warrants prompt patching.

Where can I find the official Checkmk advisory for CVE-2026-33457?

Refer to the official Checkmk security advisory for CVE-2026-33457 for authoritative details and updates. (This page does not record the advisory URL.)
