CVE-2026-3103

moderate-risk

Published 2026-03-04

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Checkmk

Affected Vendors

Checkmk

References (1)

Mitigation https://checkmk.com/werk/19041

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical