CVE-2026-33276

High CVSS: 8.6

Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature.

Vendor

Checkmk

Product

Checkmk

CWE

CWE-79

Yayın Tarihi

2026-03-31 15:16:14

Güncelleme

2026-04-02 12:05:12

Source Identifier

security@checkmk.com

KEV Date Added

Kategoriler

CWE-79 Checkmk HIGH Checkmk 2026

Referanslar

https://checkmk.com/werk/19525

Benzer Kayıtlar

High

CVE-2026-20915

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permiss…

Medium

CVE-2026-2859

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows…

Medium

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows…

Medium

CVE-2026-3103

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions

High

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker…

Low

CVE-2025-65000

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk