Cross-Site Scripting Vulnerability in Checkmk by tribe29
CVE-2026-8833

8.5HIGH

Key Information:

Status
Vendor
CVE Published:
8 June 2026

What is CVE-2026-8833?

A flaw in the URL validation function of Checkmk allows authenticated users to craft malicious URLs, including javascript: URIs. This bypasses standard URL validation measures, leading to the potential execution of cross-site scripting attacks when other users interact with the compromised links. This vulnerability affects multiple versions of the Checkmk product, underscoring the need for prompt remediation and robust security practices.

Affected Version(s)

Checkmk 2.5.0 < 2.5.0p5

Checkmk 2.4.0 < 2.4.0p31

Checkmk 2.3.0 < 2.3.0p48

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arvato Systems Offensive Security
.