CVE-2026-31836 · HIGH 8.1 · EPSS p21.0%

Description

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.29% probability of exploitation · percentile 21.0% · 2026-06-18T12:00:27Z
Published: 2026-03-20
Last modified: 2026-03-30

Underlying weaknesses · 2

CWE-269, CWE-285

References

  1. https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-6368-x7wr-wpm2

Type | Target | Confidence | Tier
Weakness | Improper Privilege Management (cwe-269) | 0% | live
Weakness | Improper Authorization (cwe-285) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-47817
CVE-2026-24096
CVE-2026-30269
CVE-2026-7186
CVE-2025-47245
CVE-2026-6356

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.