CVE-2026-2859 - Vulnerability Details - OpenCVE

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Checkmk	Checkmk

No data.

No data.

No data.

References

Link	Providers
https://checkmk.com/werk/18994

History

Fri, 13 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.
Title		Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint
First Time appeared		Checkmk Checkmk checkmk
Weaknesses		CWE-204
CPEs		cpe:2.3:a:checkmk:checkmk:::::::: cpe:2.3:a:checkmk:checkmk:2.2.0:::::::*
Vendors & Products		Checkmk Checkmk checkmk
References		https://checkmk.com/werk/18994
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2026-03-13T09:40:43.743Z

Updated: 2026-03-13T15:48:18.690Z

Reserved: 2026-02-20T11:17:22.562Z

Link: CVE-2026-2859

Vulnrichment

Updated: 2026-03-13T15:48:15.048Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2859", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2026-02-20T11:17:22.562Z", "datePublished": "2026-03-13T09:40:43.743Z", "dateUpdated": "2026-03-13T15:48:18.690Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.4.0p23", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"status": "affected", "lessThan": "2.3.0p43", "version": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-03-13T09:40:43.743Z"}, "references": [{"url": "https://checkmk.com/werk/18994"}], "title": "Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p23"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.0p43"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T15:48:12.846363Z", "id": "CVE-2026-2859", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T15:48:18.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2859", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T15:48:12.846363Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T15:48:15.048Z"}}], "cna": {"title": "Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint", "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.4.0", "lessThan": "2.4.0p23", "versionType": "semver"}, {"status": "affected", "version": "2.3.0", "lessThan": "2.3.0p43", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/18994"}], "descriptions": [{"lang": "en", "value": "Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.4.0p23", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.3.0p43", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-03-13T09:40:43.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2859", "state": "PUBLISHED", "dateUpdated": "2026-03-13T15:48:18.690Z", "dateReserved": "2026-02-20T11:17:22.562Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2026-03-13T09:40:43.743Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.2"}