PT-2026-29255 · Checkmk · Checkmk
Michał Kaczmarek · Published 2026-03-31 · Updated 2026-04-02 · CVE-2026-33276
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.5.0 through 2.5.0b1
Description
A stored cross-site scripting issue exists in Checkmk. An authenticated user with the ability to create hosts or services can inject malicious JavaScript code. This code will then execute in the browsers of other users when they utilize the Unified Search feature. The vulnerability allows for arbitrary JavaScript execution.
Recommendations
Update to version 2.5.0b2 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk