CVE-2024-47091
Privilege escalation via mk_mysql agent plugin on Windows
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
| CWE | CWE-427 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | May 13, 2026 |
| Last Updated | May 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for checkmk gmbh checkmk
Be the first to know when new unknown vulnerabilities affecting checkmk gmbh checkmk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Checkmk GmbH / Checkmk
2.4.0 < 2.4.0p29 2.3.0 < 2.3.0p47 2.2.0