Security Advisory

CVE-2026-33457

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 08:31:35

Last updated 2026-04-14 13:29:41

Assigner Checkmk

State PUBLISHED

Description

Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.

← Browse all CVEs View on cve.org ↗