CVE-2026-9549
Fix XSS in service discovery active check output
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page.
| CWE | CWE-79 |
| Vendor | checkmk gmbh |
| Product | checkmk |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for checkmk gmbh checkmk
Be the first to know when new unknown vulnerabilities affecting checkmk gmbh checkmk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Checkmk GmbH / Checkmk
2.5.0 < 2.5.0p5 2.4.0 < 2.4.0p31 2.3.0 < 2.3.0p48 2.2.0