PT-2026-30816 · Checkmk · Checkmk
Alex Williams · Published 2026-04-07 · Updated 2026-04-19 · CVE-2026-3466
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.2.0 (EOL), 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 (beta) through 2.5.0b2
Description
Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks. An attacker can trick a victim into clicking a crafted dashlet title link on a shared dashboard.
Recommendations
Update to Checkmk version 2.3.0p46 or later.
Update to Checkmk version 2.4.0p25 or later.
Update to Checkmk version 2.5.0b3 or later.
Fix
XSS
Affected Products
Checkmk