XSS in Checkmk GmbH
CVE-2026-3466
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0 allows an attacker with dashboard creation privileges to…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (10.6th percentile)
Affected products
- Checkmk GmbH: versions 2.2.0, 2.3.0, 2.4.0
Weakness classification (CWE)
References
- checkmk.com/werk/19033 (vendor-advisory)
- checkmk.com/werk/19583 (vendor-advisory)
- www.vulncheck.com/advisories/checkmk-stored-cross-site-scripting-in-dashlet-tit… (third-party-advisory)