Stored Cross-Site Scripting in Checkmk Affects User Security
CVE-2026-7186

8.5 HIGH

Key Information:

Status
Vendor
CVE Published: 8 June 2026

What is CVE-2026-7186?

A stored cross-site scripting vulnerability in Checkmk versions prior to 2.5.0p5, 2.4.0p31 and 2.3.0p48, and in all 2.2.0 versions, allows users with dashboard editing permissions to insert malicious URLs that use dangerous URI schemes such as 'javascript:'. When other users access the dashboard, the script carried in such a URL can be executed in their browsers, posing a significant security risk.
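The class of check that closes this kind of hole is a scheme allowlist applied to user-supplied link targets. The following is an added example, not Checkmk's own code or its actual fix; the helper name `is_safe_link_url`, the allowed schemes and the sample inputs are assumptions made for illustration.

```python
import re

# Assumption for this example: dashboard links may only use these schemes.
ALLOWED_SCHEMES = frozenset({"http", "https"})

# RFC 3986 scheme: a letter, then letters, digits, "+", "-" or ".", then ":".
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Browsers trim leading/trailing C0 controls and spaces, and drop tab, LF
# and CR anywhere in a URL, before they look for the scheme. The validator
# must normalise the same way or it will disagree with the browser.
_EDGE_CHARS = "".join(chr(c) for c in range(0x21))
_DROPPED = {0x09: None, 0x0A: None, 0x0D: None}


def is_safe_link_url(raw):
    """Hypothetical helper: True if `raw` may be stored as a link target."""
    if not isinstance(raw, str):
        return False
    url = raw.strip(_EDGE_CHARS).translate(_DROPPED)
    if not url:
        return False
    match = _SCHEME_RE.match(url)
    if match:
        # Absolute URL: the scheme must be on the allowlist.
        return match.group(1).lower() in ALLOWED_SCHEMES
    # No scheme: accept only a same-site absolute path. "//host" and
    # "/\host" are scheme-relative in browsers, so reject them.
    return url.startswith("/") and not url.startswith(("//", "/\\"))


# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    "https://monitoring.example/dash",
    "/site/dashboard?name=main",
    "javascript:alert(1)",
    " JaVaScRiPt:alert(1)",
    "java\tscript:alert(1)",
    "data:text/html,hi",
    "//other.example/x",
    "",
]


def rejected(samples):
    """Return the inputs the validator refuses, in order."""
    return [s for s in samples if not is_safe_link_url(s)]
```

Running the check both when a dashboard is saved and when it is rendered also covers entries stored before the validation existed.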

Affected Version(s)

Checkmk 2.5.0 < 2.5.0p5

Checkmk 2.4.0 < 2.4.0p31

Checkmk 2.3.0 < 2.3.0p48

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
