Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47091

Summary
Assigner-Checkmk
Assigner Org ID-f7d6281c-4801-44ce-ace2-493291dedb0f
Published At-13 May, 2026 | 08:35
Updated At-13 May, 2026 | 12:01
Rejected At-
Credits

Privilege escalation via mk_mysql agent plugin on Windows

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Checkmk
Assigner Org ID:f7d6281c-4801-44ce-ace2-493291dedb0f
Published At:13 May, 2026 | 08:35
Updated At:13 May, 2026 | 12:01
Rejected At:
▼CVE Numbering Authority (CNA)
Privilege escalation via mk_mysql agent plugin on Windows

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

Affected Products
Vendor
Checkmk GmbHCheckmk GmbH
Product
Checkmk
Default Status
unaffected
Versions
Affected
  • From 2.4.0 before 2.4.0p29 (semver)
  • From 2.3.0 before 2.3.0p47 (semver)
  • 2.2.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
4.05.2MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Version: 4.0
Base score: 5.2
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://checkmk.com/werk/19198
vendor-advisory
Hyperlink: https://checkmk.com/werk/19198
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@checkmk.com
Published At:13 May, 2026 | 10:16
Updated At:13 May, 2026 | 15:57

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.2MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 5.2
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Secondarysecurity@checkmk.com
CWE ID: CWE-427
Type: Secondary
Source: security@checkmk.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://checkmk.com/werk/19198security@checkmk.com
N/A
Hyperlink: https://checkmk.com/werk/19198
Source: security@checkmk.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-32917
Matching Score-10
Assigner-Checkmk GmbH
ShareView Details
Matching Score-10
Assigner-Checkmk GmbH
CVSS Score-5.2||MEDIUM
EPSS-0.26% / 17.11%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 10:45
Updated-22 Aug, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in jar_signature

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-32919
Matching Score-6
Assigner-Checkmk GmbH
ShareView Details
Matching Score-6
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.24% / 15.21%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 15:01
Updated-04 Dec, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in Windows License plugin for Checkmk Windows Agent

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-0670
Matching Score-6
Assigner-Checkmk GmbH
ShareView Details
Matching Score-6
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.34% / 25.94%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 14:50
Updated-13 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in windows agent

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

Action-Not Available
Vendor-Microsoft CorporationCheckmk GmbH
Product-windowscheckmkCheckmkcheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-6740
Matching Score-6
Assigner-Checkmk GmbH
ShareView Details
Matching Score-6
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.18% / 7.65%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 07:50
Updated-03 Jun, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in jar_signature

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

Action-Not Available
Vendor-tribe29 GmbHCheckmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31210
Matching Score-6
Assigner-Checkmk GmbH
ShareView Details
Matching Score-6
Assigner-Checkmk GmbH
CVSS Score-8.8||HIGH
EPSS-0.54% / 40.93%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 08:26
Updated-02 Dec, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in agent via LD_LIBRARY_PATH

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-427
Uncontrolled Search Path Element
Details not found