CVE-2022-46836

CRITICAL

Tribe29's Checkmk <2.1.0p10-<2.0.0p27-<1.6.0p29 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-46836. PoCs published by JacobEbben.

AI-analyzed exploit summary This is a functional exploit for CVE-2022-46836, which leverages a PHP code injection vulnerability in Checkmk's user profile settings to achieve authenticated remote code execution. The exploit writes a reverse shell payload into the application's auth.php file and triggers it via the NagVis component.

Description

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component.

Exploits (1)

nomisec WORKING POC 1 stars
by JacobEbben · poc
https://github.com/JacobEbben/CVE-2022-46836_remote_code_execution

This is a functional exploit for CVE-2022-46836, which leverages a PHP code injection vulnerability in Checkmk's user profile settings to achieve authenticated remote code execution. The exploit writes a reverse shell payload into the application's auth.php file and triggers it via the NagVis component.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, Checkmk <= 1.6.0p29
Auth required
Prerequisites: Valid credentials for Checkmk · Network access to the target · NagVis component enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

CVSS v3 9.1
EPSS 0.0113
EPSS Percentile 62.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Details

CWE
CWE-20 CWE-94
Status published
Products (2)
checkmk/checkmk 2.1.0 (20 CPE variants)
checkmk/checkmk 2.0.0 (30 CPE variants)
Published Feb 20, 2023
Tracked Since Feb 18, 2026