CVE-2026-7765
User Messages widget leaked issuer messages on shared dashboards
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present.
| CWE | CWE-863 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Affected Versions
Checkmk GmbH / Checkmk
2.5.0 < 2.5.0p5