CVE-2026-2859

EUVD-2026-11784
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
checkmkcheckmk
2.2.0
checkmkcheckmk
2.2.0:b1
checkmkcheckmk
2.2.0:b2
checkmkcheckmk
2.2.0:b3
checkmkcheckmk
2.2.0:b4
checkmkcheckmk
2.2.0:b5
checkmkcheckmk
2.2.0:b6
checkmkcheckmk
2.2.0:b7
checkmkcheckmk
2.2.0:b8
checkmkcheckmk
2.2.0:i1
checkmkcheckmk
2.2.0:p1
checkmkcheckmk
2.2.0:p10
checkmkcheckmk
2.2.0:p11
checkmkcheckmk
2.2.0:p12
checkmkcheckmk
2.2.0:p13
checkmkcheckmk
2.2.0:p14
checkmkcheckmk
2.2.0:p15
checkmkcheckmk
2.2.0:p16
checkmkcheckmk
2.2.0:p17
checkmkcheckmk
2.2.0:p18
checkmkcheckmk
2.2.0:p19
checkmkcheckmk
2.2.0:p2
checkmkcheckmk
2.2.0:p20
checkmkcheckmk
2.2.0:p21
checkmkcheckmk
2.2.0:p22
checkmkcheckmk
2.2.0:p23
checkmkcheckmk
2.2.0:p24
checkmkcheckmk
2.2.0:p25
checkmkcheckmk
2.2.0:p26
checkmkcheckmk
2.2.0:p27
checkmkcheckmk
2.2.0:p28
checkmkcheckmk
2.2.0:p29
checkmkcheckmk
2.2.0:p3
checkmkcheckmk
2.2.0:p30
checkmkcheckmk
2.2.0:p31
checkmkcheckmk
2.2.0:p32
checkmkcheckmk
2.2.0:p33
checkmkcheckmk
2.2.0:p34
checkmkcheckmk
2.2.0:p35
checkmkcheckmk
2.2.0:p36
checkmkcheckmk
2.2.0:p37
checkmkcheckmk
2.2.0:p38
checkmkcheckmk
2.2.0:p39
checkmkcheckmk
2.2.0:p4
checkmkcheckmk
2.2.0:p40
checkmkcheckmk
2.2.0:p41
checkmkcheckmk
2.2.0:p42
checkmkcheckmk
2.2.0:p43
checkmkcheckmk
2.2.0:p44
checkmkcheckmk
2.2.0:p45
checkmkcheckmk
2.2.0:p46
checkmkcheckmk
2.2.0:p47
checkmkcheckmk
2.2.0:p5
checkmkcheckmk
2.2.0:p6
checkmkcheckmk
2.2.0:p7
checkmkcheckmk
2.2.0:p8
checkmkcheckmk
2.2.0:p9
checkmkcheckmk
2.3.0
checkmkcheckmk
2.3.0:b1
checkmkcheckmk
2.3.0:b2
checkmkcheckmk
2.3.0:b3
checkmkcheckmk
2.3.0:b4
checkmkcheckmk
2.3.0:b5
checkmkcheckmk
2.3.0:b6
checkmkcheckmk
2.3.0:p1
checkmkcheckmk
2.3.0:p10
checkmkcheckmk
2.3.0:p11
checkmkcheckmk
2.3.0:p12
checkmkcheckmk
2.3.0:p13
checkmkcheckmk
2.3.0:p14
checkmkcheckmk
2.3.0:p15
checkmkcheckmk
2.3.0:p16
checkmkcheckmk
2.3.0:p17
checkmkcheckmk
2.3.0:p18
checkmkcheckmk
2.3.0:p19
checkmkcheckmk
2.3.0:p2
checkmkcheckmk
2.3.0:p20
checkmkcheckmk
2.3.0:p21
checkmkcheckmk
2.3.0:p22
checkmkcheckmk
2.3.0:p23
checkmkcheckmk
2.3.0:p24
checkmkcheckmk
2.3.0:p25
checkmkcheckmk
2.3.0:p26
checkmkcheckmk
2.3.0:p27
checkmkcheckmk
2.3.0:p28
checkmkcheckmk
2.3.0:p29
checkmkcheckmk
2.3.0:p3
checkmkcheckmk
2.3.0:p30
checkmkcheckmk
2.3.0:p31
checkmkcheckmk
2.3.0:p32
checkmkcheckmk
2.3.0:p33
checkmkcheckmk
2.3.0:p34
checkmkcheckmk
2.3.0:p35
checkmkcheckmk
2.3.0:p36
checkmkcheckmk
2.3.0:p37
checkmkcheckmk
2.3.0:p38
checkmkcheckmk
2.3.0:p39
checkmkcheckmk
2.3.0:p4
checkmkcheckmk
2.3.0:p40
checkmkcheckmk
2.3.0:p41
checkmkcheckmk
2.3.0:p42
checkmkcheckmk
2.3.0:p5
checkmkcheckmk
2.3.0:p6
checkmkcheckmk
2.3.0:p7
checkmkcheckmk
2.3.0:p8
checkmkcheckmk
2.3.0:p9
checkmkcheckmk
2.4.0
checkmkcheckmk
2.4.0:b1
checkmkcheckmk
2.4.0:b2
checkmkcheckmk
2.4.0:b3
checkmkcheckmk
2.4.0:b4
checkmkcheckmk
2.4.0:b5
checkmkcheckmk
2.4.0:b6
checkmkcheckmk
2.4.0:p1
checkmkcheckmk
2.4.0:p10
checkmkcheckmk
2.4.0:p11
checkmkcheckmk
2.4.0:p12
checkmkcheckmk
2.4.0:p13
checkmkcheckmk
2.4.0:p14
checkmkcheckmk
2.4.0:p15
checkmkcheckmk
2.4.0:p16
checkmkcheckmk
2.4.0:p17
checkmkcheckmk
2.4.0:p18
checkmkcheckmk
2.4.0:p19
checkmkcheckmk
2.4.0:p2
checkmkcheckmk
2.4.0:p20
checkmkcheckmk
2.4.0:p21
checkmkcheckmk
2.4.0:p22
checkmkcheckmk
2.4.0:p3
checkmkcheckmk
2.4.0:p4
checkmkcheckmk
2.4.0:p5
checkmkcheckmk
2.4.0:p6
checkmkcheckmk
2.4.0:p7
checkmkcheckmk
2.4.0:p8
checkmkcheckmk
2.4.0:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://checkmk.com/werk/18994