CVE-2026-33455 MEDIUM

CVE-2026-33455: Livestatus injection in monitoring quicksearch

Vendor Checkmk Gmbh
Product Checkmk
Weakness CWE-140
Published April 10, 2026
Last update April 14, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

Key dates

02Disclosure timeline

April 10, 2026 CVE published
April 14, 2026 Record updated