Stored Cross-Site Scripting Vulnerability in Checkmk by Tribe29
CVE-2026-8078

4.8MEDIUM

Key Information:

Status
Vendor
CVE Published:
8 June 2026

What is CVE-2026-8078?

A stored cross-site scripting vulnerability has been identified in Checkmk, allowing an administrator with the ability to modify global settings to embed malicious HTML or JavaScript into changelog entries. This malicious code can execute when other users access the 'Activate Changes' page or the audit log, potentially compromising their sessions and exposing sensitive data.

Affected Version(s)

Checkmk 2.5.0 < 2.5.0p5

Checkmk 2.4.0 < 2.4.0p31

Checkmk 2.3.0 < 2.3.0p48

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.