CVE-2026-3103

Published: Mar 4, 2026Modified: Mar 5, 2026

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security@checkmk.com (Secondary)

Description

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

Affected (79)

Products: Checkmk: Checkmk

Checkmk

1 product

Checkmk

Configuration A

79 vulnerable

Vulnerable Software	Affected Versions
Checkmk Checkmk	Version 2.2.0
Checkmk Checkmk	Version 2.3.0
Checkmk Checkmk	Version 2.3.0 b1
Checkmk Checkmk	Version 2.3.0 b2
Checkmk Checkmk	Version 2.3.0 b3
Checkmk Checkmk	Version 2.3.0 b4
Checkmk Checkmk	Version 2.3.0 b5
Checkmk Checkmk	Version 2.3.0 b6
Checkmk Checkmk	Version 2.3.0 p10
Checkmk Checkmk	Version 2.3.0 p11
Checkmk Checkmk	Version 2.3.0 p12
Checkmk Checkmk	Version 2.3.0 p13
Checkmk Checkmk	Version 2.3.0 p14
Checkmk Checkmk	Version 2.3.0 p15
Checkmk Checkmk	Version 2.3.0 p16
Checkmk Checkmk	Version 2.3.0 p17
Checkmk Checkmk	Version 2.3.0 p18
Checkmk Checkmk	Version 2.3.0 p19
Checkmk Checkmk	Version 2.3.0 p1
Checkmk Checkmk	Version 2.3.0 p20
Checkmk Checkmk	Version 2.3.0 p21
Checkmk Checkmk	Version 2.3.0 p22
Checkmk Checkmk	Version 2.3.0 p23
Checkmk Checkmk	Version 2.3.0 p24
Checkmk Checkmk	Version 2.3.0 p25
Checkmk Checkmk	Version 2.3.0 p26
Checkmk Checkmk	Version 2.3.0 p27
Checkmk Checkmk	Version 2.3.0 p28
Checkmk Checkmk	Version 2.3.0 p29
Checkmk Checkmk	Version 2.3.0 p2
Checkmk Checkmk	Version 2.3.0 p30
Checkmk Checkmk	Version 2.3.0 p31
Checkmk Checkmk	Version 2.3.0 p32
Checkmk Checkmk	Version 2.3.0 p33
Checkmk Checkmk	Version 2.3.0 p34
Checkmk Checkmk	Version 2.3.0 p35
Checkmk Checkmk	Version 2.3.0 p36
Checkmk Checkmk	Version 2.3.0 p37
Checkmk Checkmk	Version 2.3.0 p38
Checkmk Checkmk	Version 2.3.0 p39
Checkmk Checkmk	Version 2.3.0 p3
Checkmk Checkmk	Version 2.3.0 p40
Checkmk Checkmk	Version 2.3.0 p41
Checkmk Checkmk	Version 2.3.0 p42
Checkmk Checkmk	Version 2.3.0 p4
Checkmk Checkmk	Version 2.3.0 p5
Checkmk Checkmk	Version 2.3.0 p6
Checkmk Checkmk	Version 2.3.0 p7
Checkmk Checkmk	Version 2.3.0 p8
Checkmk Checkmk	Version 2.3.0 p9
Checkmk Checkmk	Version 2.4.0
Checkmk Checkmk	Version 2.4.0 b1
Checkmk Checkmk	Version 2.4.0 b2
Checkmk Checkmk	Version 2.4.0 b3
Checkmk Checkmk	Version 2.4.0 b4
Checkmk Checkmk	Version 2.4.0 b5
Checkmk Checkmk	Version 2.4.0 b6
Checkmk Checkmk	Version 2.4.0 p10
Checkmk Checkmk	Version 2.4.0 p11
Checkmk Checkmk	Version 2.4.0 p12
Checkmk Checkmk	Version 2.4.0 p13
Checkmk Checkmk	Version 2.4.0 p14
Checkmk Checkmk	Version 2.4.0 p15
Checkmk Checkmk	Version 2.4.0 p16
Checkmk Checkmk	Version 2.4.0 p17
Checkmk Checkmk	Version 2.4.0 p18
Checkmk Checkmk	Version 2.4.0 p19
Checkmk Checkmk	Version 2.4.0 p1
Checkmk Checkmk	Version 2.4.0 p20
Checkmk Checkmk	Version 2.4.0 p21
Checkmk Checkmk	Version 2.4.0 p22
Checkmk Checkmk	Version 2.4.0 p2
Checkmk Checkmk	Version 2.4.0 p3
Checkmk Checkmk	Version 2.4.0 p4
Checkmk Checkmk	Version 2.4.0 p5
Checkmk Checkmk	Version 2.4.0 p6
Checkmk Checkmk	Version 2.4.0 p7
Checkmk Checkmk	Version 2.4.0 p8
Checkmk Checkmk	Version 2.4.0 p9

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://checkmk.com/werk/19041

Source: security@checkmk.com

MitigationVendor Advisory

Timeline

No history available yet.