CVE-2026-3466

EUVD-2026-19605
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking a victim into clicking a crafted dashlet title link on a shared dashboard.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
checkmkcheckmk
2.2.0
checkmkcheckmk
2.2.0:b1
checkmkcheckmk
2.2.0:b2
checkmkcheckmk
2.2.0:b3
checkmkcheckmk
2.2.0:b4
checkmkcheckmk
2.2.0:b5
checkmkcheckmk
2.2.0:b6
checkmkcheckmk
2.2.0:b7
checkmkcheckmk
2.2.0:b8
checkmkcheckmk
2.2.0:i1
checkmkcheckmk
2.2.0:p1
checkmkcheckmk
2.2.0:p10
checkmkcheckmk
2.2.0:p11
checkmkcheckmk
2.2.0:p12
checkmkcheckmk
2.2.0:p13
checkmkcheckmk
2.2.0:p14
checkmkcheckmk
2.2.0:p15
checkmkcheckmk
2.2.0:p16
checkmkcheckmk
2.2.0:p17
checkmkcheckmk
2.2.0:p18
checkmkcheckmk
2.2.0:p19
checkmkcheckmk
2.2.0:p2
checkmkcheckmk
2.2.0:p20
checkmkcheckmk
2.2.0:p21
checkmkcheckmk
2.2.0:p22
checkmkcheckmk
2.2.0:p23
checkmkcheckmk
2.2.0:p24
checkmkcheckmk
2.2.0:p25
checkmkcheckmk
2.2.0:p26
checkmkcheckmk
2.2.0:p27
checkmkcheckmk
2.2.0:p28
checkmkcheckmk
2.2.0:p29
checkmkcheckmk
2.2.0:p3
checkmkcheckmk
2.2.0:p30
checkmkcheckmk
2.2.0:p31
checkmkcheckmk
2.2.0:p32
checkmkcheckmk
2.2.0:p33
checkmkcheckmk
2.2.0:p34
checkmkcheckmk
2.2.0:p35
checkmkcheckmk
2.2.0:p36
checkmkcheckmk
2.2.0:p37
checkmkcheckmk
2.2.0:p38
checkmkcheckmk
2.2.0:p39
checkmkcheckmk
2.2.0:p4
checkmkcheckmk
2.2.0:p40
checkmkcheckmk
2.2.0:p41
checkmkcheckmk
2.2.0:p42
checkmkcheckmk
2.2.0:p43
checkmkcheckmk
2.2.0:p44
checkmkcheckmk
2.2.0:p45
checkmkcheckmk
2.2.0:p46
checkmkcheckmk
2.2.0:p47
checkmkcheckmk
2.2.0:p5
checkmkcheckmk
2.2.0:p6
checkmkcheckmk
2.2.0:p7
checkmkcheckmk
2.2.0:p8
checkmkcheckmk
2.2.0:p9
checkmkcheckmk
2.3.0
checkmkcheckmk
2.3.0:b1
checkmkcheckmk
2.3.0:b2
checkmkcheckmk
2.3.0:b3
checkmkcheckmk
2.3.0:b4
checkmkcheckmk
2.3.0:b5
checkmkcheckmk
2.3.0:b6
checkmkcheckmk
2.3.0:p1
checkmkcheckmk
2.3.0:p10
checkmkcheckmk
2.3.0:p11
checkmkcheckmk
2.3.0:p12
checkmkcheckmk
2.3.0:p13
checkmkcheckmk
2.3.0:p14
checkmkcheckmk
2.3.0:p15
checkmkcheckmk
2.3.0:p16
checkmkcheckmk
2.3.0:p17
checkmkcheckmk
2.3.0:p18
checkmkcheckmk
2.3.0:p19
checkmkcheckmk
2.3.0:p2
checkmkcheckmk
2.3.0:p20
checkmkcheckmk
2.3.0:p21
checkmkcheckmk
2.3.0:p22
checkmkcheckmk
2.3.0:p23
checkmkcheckmk
2.3.0:p24
checkmkcheckmk
2.3.0:p25
checkmkcheckmk
2.3.0:p26
checkmkcheckmk
2.3.0:p27
checkmkcheckmk
2.3.0:p28
checkmkcheckmk
2.3.0:p29
checkmkcheckmk
2.3.0:p3
checkmkcheckmk
2.3.0:p30
checkmkcheckmk
2.3.0:p31
checkmkcheckmk
2.3.0:p32
checkmkcheckmk
2.3.0:p33
checkmkcheckmk
2.3.0:p34
checkmkcheckmk
2.3.0:p35
checkmkcheckmk
2.3.0:p36
checkmkcheckmk
2.3.0:p37
checkmkcheckmk
2.3.0:p38
checkmkcheckmk
2.3.0:p39
checkmkcheckmk
2.3.0:p4
checkmkcheckmk
2.3.0:p40
checkmkcheckmk
2.3.0:p41
checkmkcheckmk
2.3.0:p42
checkmkcheckmk
2.3.0:p43
checkmkcheckmk
2.3.0:p44
checkmkcheckmk
2.3.0:p45
checkmkcheckmk
2.3.0:p5
checkmkcheckmk
2.3.0:p6
checkmkcheckmk
2.3.0:p7
checkmkcheckmk
2.3.0:p8
checkmkcheckmk
2.3.0:p9
checkmkcheckmk
2.4.0
checkmkcheckmk
2.4.0:b1
checkmkcheckmk
2.4.0:b2
checkmkcheckmk
2.4.0:b3
checkmkcheckmk
2.4.0:b4
checkmkcheckmk
2.4.0:b5
checkmkcheckmk
2.4.0:b6
checkmkcheckmk
2.4.0:p1
checkmkcheckmk
2.4.0:p10
checkmkcheckmk
2.4.0:p11
checkmkcheckmk
2.4.0:p12
checkmkcheckmk
2.4.0:p13
checkmkcheckmk
2.4.0:p14
checkmkcheckmk
2.4.0:p15
checkmkcheckmk
2.4.0:p16
checkmkcheckmk
2.4.0:p17
checkmkcheckmk
2.4.0:p18
checkmkcheckmk
2.4.0:p19
checkmkcheckmk
2.4.0:p2
checkmkcheckmk
2.4.0:p20
checkmkcheckmk
2.4.0:p21
checkmkcheckmk
2.4.0:p22
checkmkcheckmk
2.4.0:p23
checkmkcheckmk
2.4.0:p24
checkmkcheckmk
2.4.0:p3
checkmkcheckmk
2.4.0:p4
checkmkcheckmk
2.4.0:p5
checkmkcheckmk
2.4.0:p6
checkmkcheckmk
2.4.0:p7
checkmkcheckmk
2.4.0:p8
checkmkcheckmk
2.4.0:p9
checkmkcheckmk
2.5.0:b1
checkmkcheckmk
2.5.0:b2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
check-mk
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
xenial
ignored
Common Weakness Enumeration
References
https://checkmk.com/werk/19033
https://checkmk.com/werk/19583
https://www.vulncheck.com/advisories/checkmk-stored-cross-site-scripting-in-dashlet-title