CVE-2024-47091
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2026-05-13
Last updated on: 2026-05-26
Assigner: Checkmk GmbH
Description
Description
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |