CVE-2026-31836

Severity: High · Public PoC

Published: 20 March 2026
Modified: 30 March 2026
KEV Added: not listed
Patch: none available at time of publication
CVSS v3.1 score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS score: 0.0029 (21.0th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-31836 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Bluewavelabs Checkmate. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 21.0th percentile by EPSS exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-31836 is a mass assignment vulnerability in Checkmate's user profile update endpoint. Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real time with visualizations. The vulnerability affects versions 3.5.1 and prior: the profile update endpoint does not restrict which user fields a request may set, so fields that should only be changed by an administrator (such as the user's role) can be written by the user updating their own profile.

Any authenticated user can exploit this vulnerability over the network with low complexity to escalate their privileges to superadmin, bypassing all role-based access controls. Successful exploitation grants complete administrative access to the application, enabling the attacker to view all users, modify critical configurations, and access sensitive system data. The issue has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWEs 269 (Improper Privilege Management) and 285 (Improper Authorization).

The GitHub security advisory at https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-6368-x7wr-wpm2 states that, at the time of publication on 2026-03-20, there are no publicly available patches.

Vulnerability details

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.

CWE(s): CWE-269 Improper Privilege Management; CWE-285 Improper Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Mass assignment flaw in authenticated profile update endpoint is directly exploited to escalate from low-privileged user to superadmin, matching T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23896 (shared CWE-269)
CVE-2025-29922 (shared CWE-285)
CVE-2025-0893 (shared CWE-269)
CVE-2025-2858 (shared CWE-269)
CVE-2026-31368 (shared CWE-269)
CVE-2026-21983 (shared CWE-269)
CVE-2024-49742 (shared CWE-269)
CVE-2026-1993 (shared CWE-269)
CVE-2026-29124 (shared CWE-269)
CVE-2026-29923 (shared CWE-269)

Affected Assets

bluewavelabs / checkmate, versions ≤ 3.5.1

Mitigating Controls (NIST 800-53 r5, AI-mapped)

prevent · AC-3 Access Enforcement: Enforces approved authorizations to prevent authenticated users from escalating privileges via mass assignment in the user profile update endpoint.

prevent · Input validation: Validates information inputs at the profile update endpoint to block unauthorized parameters such as role modifications in mass assignment attacks.

prevent · AC-6 Least Privilege: Employs least privilege to restrict privilege escalations, ensuring users cannot gain superadmin access beyond assigned roles.
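The following is an added illustration of the flaw class described in the "Deeper analysis" section and of the access-enforcement, input-validation and least-privilege controls listed above. It is constructed example code, not Checkmate's own source, and it does not reproduce Checkmate's actual endpoint, field names or request handling; the in-memory store, the `SELF_EDITABLE` allowlist and the function names are assumptions made for the demonstration. The vulnerable handler copies every submitted key onto the stored user record (mass assignment); the hardened handler accepts only an explicit allowlist of self-editable fields, rejects and logs anything else, and moves role changes to a separate path that checks the caller's authorization server-side.

```javascript
// Constructed mass-assignment demo (not Checkmate's code).
// A tiny in-memory user store stands in for the application's database.
const ROLES = ["user", "admin", "superadmin"];

function makeStore() {
  return new Map([
    ["alice", { username: "alice", email: "alice@example.test", fullName: "Alice", role: "user" }],
    ["root",  { username: "root",  email: "root@example.test",  fullName: "Root",  role: "superadmin" }],
  ]);
}

// VULNERABLE pattern: whatever keys the client sends are persisted as-is.
// The session only tells us who is calling; nothing limits what they may set.
function vulnerableUpdateProfile(store, sessionUser, body) {
  const user = store.get(sessionUser);
  if (!user) throw new Error("unknown user");
  Object.assign(user, body); // mass assignment: "role" lands here too
  return { ...user };
}

// HARDENED pattern (AC-3 / input validation): an explicit allowlist of fields a
// user may change on their own record. Unexpected keys are rejected outright
// rather than silently dropped, so attempts show up in the audit log.
const SELF_EDITABLE = new Set(["email", "fullName"]);

function safeUpdateProfile(store, sessionUser, body, auditLog = []) {
  const user = store.get(sessionUser);
  if (!user) throw new Error("unknown user");

  const rejected = Object.keys(body).filter((k) => !SELF_EDITABLE.has(k));
  if (rejected.length > 0) {
    auditLog.push(`profile_update_rejected user=${sessionUser} fields=${rejected.join(",")}`);
    return { ok: false, status: 400, rejected };
  }
  for (const k of SELF_EDITABLE) {
    if (k in body) {
      if (typeof body[k] !== "string") return { ok: false, status: 400, rejected: [k] };
      user[k] = body[k];
    }
  }
  return { ok: true, status: 200, user: { ...user } };
}

// Role changes have their own path and their own authorization check (AC-6):
// only a superadmin may assign roles, and only to a known role value.
function setRole(store, actor, target, newRole) {
  const actorRec = store.get(actor);
  if (!actorRec || actorRec.role !== "superadmin") return { ok: false, status: 403 };
  if (!ROLES.includes(newRole)) return { ok: false, status: 400 };
  const targetRec = store.get(target);
  if (!targetRec) return { ok: false, status: 404 };
  targetRec.role = newRole;
  return { ok: true, status: 200 };
}

// Runs the same request body against both handlers and reports the outcome.
function demo() {
  const body = { fullName: "Alice", role: "superadmin" }; // constructed request
  const vulnStore = makeStore();
  const vulnResult = vulnerableUpdateProfile(vulnStore, "alice", body);

  const safeStore = makeStore();
  const auditLog = [];
  const safeResult = safeUpdateProfile(safeStore, "alice", body, auditLog);

  return {
    vulnerableRoleAfter: vulnResult.role,           // "superadmin"
    hardenedRoleAfter: safeStore.get("alice").role, // "user"
    hardenedStatus: safeResult.status,              // 400
    auditLog,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of rejecting rather than ignoring unknown keys is detection: a `400` with an audit line gives the SOC a signal that someone is probing the endpoint, which a silent `_.pick()` would hide.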