CVE-2026-20915

CVSS v4.0

8.5

High

Vector

AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.5.0b2

Description A stored cross-site scripting issue exists in Checkmk. Authenticated users with permission to create pending changes can inject malicious JavaScript into the Pending Changes sidebar. This injected script will then execute in the browsers of other users who view the sidebar. The vulnerable component is the Pending Changes sidebar.

Recommendations Update to version 2.5.0b2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-20915

Affected Products

Checkmk

CVE-2026-20915

Weakness Enumeration

Related Identifiers

Affected Products

References · 6