CVE-2026-33276 in Checkmkinfo

Summary

Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Checkmk

Reservation

03/23/2026

Disclosure

03/31/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354410	Checkmk Unified Search cross site scripting	79	Not defined	Official fix	CVE-2026-33276

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!