Stored Cross-Site Scripting in Checkmk Affects User Security
CVE-2026-7186
8.5HIGH
What is CVE-2026-7186?
The stored cross-site scripting vulnerability in Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows users who have dashboard editing permissions to insert malicious URLs containing dangerous URI schemes, such as 'javascript:'. When other users access the dashboard, these scripts can be executed in their browsers, posing a significant security risk.
Affected Version(s)
Checkmk 2.5.0 < 2.5.0p5
Checkmk 2.4.0 < 2.4.0p31
Checkmk 2.3.0 < 2.3.0p48
