CVE-2026-20915 in Checkmkinfo

Summary

Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.

Responsible

Checkmk

Reservation

03/23/2026

Disclosure

03/31/2026

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
354409Checkmk cross site scripting79Not definedOfficial fixCVE-2026-20915

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!