Checkmk Security Vulnerabilities (CVEs)
Track 27 security vulnerabilities affecting Checkmk products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability exposes SSH private keys in the HTML source of Checkmk's remote alert handler rule pages. Attackers who can access these pages coul...
Dec 18, 2025
This vulnerability allows low-privileged users in Checkmk monitoring systems to access agent information through the REST API without proper authoriza...
Dec 18, 2025
This vulnerability allows low-privileged users in Checkmk to bypass permission checks on REST API endpoints, enabling unauthorized actions or access t...
Nov 18, 2025
A Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote monitoring site to inject malicious HTML/Ja...
Oct 30, 2025
This vulnerability allows local privilege escalation on Windows systems running affected Checkmk Windows Agent versions. An attacker with local access...
Oct 9, 2025
This vulnerability allows authenticated users to inject arbitrary Livestatus commands through the RestAPI autocomplete endpoint in Checkmk. Attackers ...
Jul 4, 2025
This vulnerability allows local attackers on Linux and Solaris systems to read sensitive data from Checkmk agent update packages due to incorrect file...
May 22, 2025
This vulnerability causes Checkmk to write remote site authentication secrets to log files accessible to administrators. Attackers with access to thes...
Apr 22, 2025
This vulnerability in Checkmk allows attackers to bypass session logout mechanisms, potentially maintaining unauthorized access to monitoring systems....
Mar 26, 2025
This vulnerability in Checkmk monitoring software causes LDAP authentication credentials to be written to Apache error log files. Administrators with ...
Feb 19, 2025
This vulnerability in Checkmk monitoring software causes remote site secrets to be written to web log files accessible to local site users. Attackers ...
Nov 29, 2024
This vulnerability exposes CSRF tokens in URL query parameters in Checkmk monitoring software, allowing attackers to steal these tokens. Attackers can...
Oct 14, 2024
This vulnerability allows authenticated users in Checkmk monitoring systems to bypass two-factor authentication (2FA) via the REST API. Attackers with...
Sep 23, 2024
This vulnerability in the mk_informix Checkmk agent plugin allows local users to escalate privileges due to least privilege violations and reliance on...
Aug 20, 2024
This vulnerability allows a local attacker to escalate privileges to SYSTEM level on Windows systems running vulnerable Checkmk Windows Agent versions...
Jul 10, 2024
This authentication bypass vulnerability in Checkmk allows remote attackers to access HTTP endpoints without proper credentials, potentially exposing ...
Jul 8, 2024
This vulnerability allows authenticated users with Global Settings permissions to inject malicious HTML/JavaScript into the Crash Report URL field, cr...
Jun 25, 2024
This CVE describes a local privilege escalation vulnerability in Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs. Local users can ex...
Mar 22, 2024
This vulnerability allows local users on Windows systems running vulnerable Checkmk agent plugins to escalate privileges to SYSTEM level. It affects C...
Mar 11, 2024
This vulnerability in Checkmk allows attackers to use locked credentials due to insufficient authentication flow. Attackers could potentially gain una...
Jan 12, 2024
This vulnerability allows local users on systems running vulnerable Checkmk versions to escalate their privileges to root/admin level. It affects Chec...
Jan 12, 2024
This vulnerability allows authorized users of Checkmk to execute arbitrary livestatus commands by exploiting improper neutralization of command delimi...
Nov 22, 2023
This vulnerability allows authorized users of Checkmk's RestAPI to execute arbitrary livestatus commands due to improper input sanitization. Attackers...
May 17, 2023
This vulnerability allows authenticated Checkmk users to directly interact with the underlying Apache installation through reverse proxy configuration...
Apr 20, 2023
This vulnerability allows authenticated users with User Management permissions (and LDAP administrators in some configurations) to inject arbitrary co...
Feb 20, 2023
This CVE describes a PHP code injection vulnerability in Checkmk's watolib auth.php and hosttags.php components. Attackers can inject and execute arbi...
Feb 20, 2023
CVE-2021-40904 allows remote code execution through the CheckMK web management console by exploiting a misconfiguration in the default Dokuwiki instal...
Mar 25, 2022
Why Monitor Checkmk Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 27+ known vulnerabilities affecting Checkmk products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Checkmk packages in under 60 seconds. No agents required - completely agentless scanning that works across Checkmk deployments.
Free vulnerability database: Access detailed information about every Checkmk CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Checkmk CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions