CVE-2026-8078
Fix stored XSS in global settings change log
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the Activate Changes page or Audit log.
| CWE | CWE-79 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for checkmk gmbh checkmk
Be the first to know when new unknown vulnerabilities affecting checkmk gmbh checkmk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Checkmk GmbH / Checkmk
2.5.0 < 2.5.0p5 2.4.0 < 2.4.0p31 2.3.0 < 2.3.0p48 2.2.0