CVE-2024-47091
Privilege escalation via mk_mysql agent plugin on Windows
Description
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
INFO
Published Date :
May 13, 2026, 8:35 a.m.
Last Modified :
May 13, 2026, 8:35 a.m.
Remotely Exploit :
No
Source :
Checkmk
Affected Products
The following products are affected by CVE-2024-47091
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Upgrade Checkmk to a patched version.
- Ensure the Checkmk agent service runs with least privilege.
- Restrict creation of services with specific names.
- Verify file and directory permissions.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-47091 vulnerability anywhere in the article.