Checkmk

This hub aggregates every CVE we track for Checkmk, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Checkmk.

• CVE-2026-9549Fix XSS in service discovery active check output4.8Jun 8, 2026
• CVE-2026-8833XSS in urls5.4Jun 8, 2026
• CVE-2026-8078Fix stored XSS in global settings change log4.8Jun 8, 2026
• CVE-2026-7765User Messages widget leaked issuer messages on shared dashboards5.3Jun 8, 2026
• CVE-2026-7186Fix stored XSS in URL dashboard widget via dangerous URI schemes5.4Jun 8, 2026
• CVE-2026-33457Potential livestatus injection in prediction graph page6.3Apr 10, 2026
• CVE-2026-33456Potential livestatus injection in notification test7.6Apr 10, 2026
• CVE-2026-33455Livestatus injection in monitoring quicksearch6.3Apr 10, 2026
• CVE-2025-39666omd: Local privilege escalation when executing omd commands as root7.3Apr 7, 2026
• CVE-2026-3466Cross-site scripting in dashlet title5.4Apr 7, 2026
• CVE-2026-24096Insufficient permission validation on multiple REST API Quick Setup endpoints8.8Apr 1, 2026
• CVE-2026-20915Stored cross-site scripting in Pending Changes sidebar5.4Mar 31, 2026
• CVE-2026-33276XSS in Unified Search via Unescaped Host/Service Names5.4Mar 31, 2026
• CVE-2025-64998Session hijacking via exposed session signing secret in distributed Checkmk setups7.2Mar 24, 2026
• CVE-2026-2859Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint4.3Mar 13, 2026