CVE-2026-33276
XSS in Unified Search via Unescaped Host/Service Names
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature.
| CWE | CWE-79 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for checkmk gmbh checkmk
Be the first to know when new unknown vulnerabilities affecting checkmk gmbh checkmk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Checkmk GmbH / Checkmk
2.5.0b1 < 2.5.0b2