Compliance Impact

The vulnerability allows low-privileged authenticated users to perform unauthorized actions and access sensitive information via insufficient permission validation on Quick Setup REST API endpoints in Checkmk. This unauthorized access and potential disclosure of sensitive background job information could lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive data.

By enabling unauthorized modification and information disclosure, the vulnerability undermines the principle of least privilege and data confidentiality, which are critical for compliance with these regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-24096 is a security vulnerability in Checkmk versions 2.4.0 and 2.5.0 that involves insufficient permission validation on multiple Quick Setup REST API endpoints.

Before the fix, any authenticated user with low privileges could interact with these endpoints without proper authorization checks. This allowed them to edit Quick Setup configurations, retrieve background job statuses, and execute Quick Setup actions by sending crafted PUT and POST requests.

The vulnerability enables unauthorized modification of stage data and potential disclosure of sensitive background job information.

The issue was discovered during a penetration test and has a medium severity rating with a CVSS 4.0 score of 5.3.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing low-privileged authenticated users to perform unauthorized actions within the Checkmk Quick Setup feature.

• Unauthorized users could modify Quick Setup configurations, potentially disrupting system setup or operations.
• They could obtain sensitive information such as background job statuses, which might reveal internal system details.
• The ability to execute Quick Setup actions without proper permissions could lead to unintended changes or system instability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves insufficient permission validation on Quick Setup REST API endpoints in Checkmk versions before 2.5.0b2 and 2.4.0p25. Detection involves checking if unauthorized users can access or modify Quick Setup configurations or fetch background job statuses via these API endpoints.

To detect exploitation attempts, monitor network traffic for unusual PUT or POST requests to Quick Setup REST API endpoints from low-privileged users. Specifically, crafted requests that attempt to edit Quick Setup configurations or retrieve background job information may indicate exploitation.

While no specific commands are provided in the resources, you can use tools like curl or HTTP clients to test access permissions manually. For example, attempting to perform a PUT or POST request to Quick Setup API endpoints with a low-privileged user account and observing if the action is allowed can help detect the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Checkmk to a version that includes the security fix, starting from version 2.6.0b1, where proper permission checks on Quick Setup REST API endpoints are enforced.

Until the upgrade can be performed, restrict access to the Quick Setup REST API endpoints to trusted users only, and monitor for any unauthorized API requests that attempt to modify configurations or access sensitive information.

Useful 0 Not Useful 0