Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.6
Checkmk deletes data when user has insufficient permissions
UBUNTU-CVE-2026-3103
Summary
Checkmk versions before 2.4.0p23, 2.3.0p43, and 2.2.0 (no longer supported) have a bug that lets a user with limited access delete data. This could happen if a low-privileged user uses the remove_password() function. Update to a newer version of Checkmk to prevent data loss.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | check-mk | All versions | – |
| canonical | check-mk | All versions | – |
Original title
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.
Original description
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.
osv CVSS4.0
7.6
osv CVSS3.1
5.4
- https://ubuntu.com/security/CVE-2026-3103 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-3103 Third Party Advisory
- https://checkmk.com/werk/19041 Third Party Advisory
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026