CVE-2026-8078

EUVD-2026-35052
Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the Activate Changes page or Audit log.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
checkmkcheckmk
2.2.0
checkmkcheckmk
2.2.0:b1
checkmkcheckmk
2.2.0:b2
checkmkcheckmk
2.2.0:b3
checkmkcheckmk
2.2.0:b4
checkmkcheckmk
2.2.0:b5
checkmkcheckmk
2.2.0:b6
checkmkcheckmk
2.2.0:b7
checkmkcheckmk
2.2.0:b8
checkmkcheckmk
2.2.0:i1
checkmkcheckmk
2.2.0:p1
checkmkcheckmk
2.2.0:p10
checkmkcheckmk
2.2.0:p11
checkmkcheckmk
2.2.0:p12
checkmkcheckmk
2.2.0:p13
checkmkcheckmk
2.2.0:p14
checkmkcheckmk
2.2.0:p15
checkmkcheckmk
2.2.0:p16
checkmkcheckmk
2.2.0:p17
checkmkcheckmk
2.2.0:p18
checkmkcheckmk
2.2.0:p19
checkmkcheckmk
2.2.0:p2
checkmkcheckmk
2.2.0:p20
checkmkcheckmk
2.2.0:p21
checkmkcheckmk
2.2.0:p22
checkmkcheckmk
2.2.0:p23
checkmkcheckmk
2.2.0:p24
checkmkcheckmk
2.2.0:p25
checkmkcheckmk
2.2.0:p26
checkmkcheckmk
2.2.0:p27
checkmkcheckmk
2.2.0:p28
checkmkcheckmk
2.2.0:p29
checkmkcheckmk
2.2.0:p3
checkmkcheckmk
2.2.0:p30
checkmkcheckmk
2.2.0:p31
checkmkcheckmk
2.2.0:p32
checkmkcheckmk
2.2.0:p33
checkmkcheckmk
2.2.0:p34
checkmkcheckmk
2.2.0:p35
checkmkcheckmk
2.2.0:p36
checkmkcheckmk
2.2.0:p37
checkmkcheckmk
2.2.0:p38
checkmkcheckmk
2.2.0:p39
checkmkcheckmk
2.2.0:p4
checkmkcheckmk
2.2.0:p40
checkmkcheckmk
2.2.0:p41
checkmkcheckmk
2.2.0:p42
checkmkcheckmk
2.2.0:p43
checkmkcheckmk
2.2.0:p44
checkmkcheckmk
2.2.0:p45
checkmkcheckmk
2.2.0:p46
checkmkcheckmk
2.2.0:p47
checkmkcheckmk
2.2.0:p5
checkmkcheckmk
2.2.0:p6
checkmkcheckmk
2.2.0:p7
checkmkcheckmk
2.2.0:p8
checkmkcheckmk
2.2.0:p9
checkmkcheckmk
2.3.0
checkmkcheckmk
2.3.0:b1
checkmkcheckmk
2.3.0:b2
checkmkcheckmk
2.3.0:b3
checkmkcheckmk
2.3.0:b4
checkmkcheckmk
2.3.0:b5
checkmkcheckmk
2.3.0:b6
checkmkcheckmk
2.3.0:p1
checkmkcheckmk
2.3.0:p10
checkmkcheckmk
2.3.0:p11
checkmkcheckmk
2.3.0:p12
checkmkcheckmk
2.3.0:p13
checkmkcheckmk
2.3.0:p14
checkmkcheckmk
2.3.0:p15
checkmkcheckmk
2.3.0:p16
checkmkcheckmk
2.3.0:p17
checkmkcheckmk
2.3.0:p18
checkmkcheckmk
2.3.0:p19
checkmkcheckmk
2.3.0:p2
checkmkcheckmk
2.3.0:p20
checkmkcheckmk
2.3.0:p21
checkmkcheckmk
2.3.0:p22
checkmkcheckmk
2.3.0:p23
checkmkcheckmk
2.3.0:p24
checkmkcheckmk
2.3.0:p25
checkmkcheckmk
2.3.0:p26
checkmkcheckmk
2.3.0:p27
checkmkcheckmk
2.3.0:p28
checkmkcheckmk
2.3.0:p29
checkmkcheckmk
2.3.0:p3
checkmkcheckmk
2.3.0:p30
checkmkcheckmk
2.3.0:p31
checkmkcheckmk
2.3.0:p32
checkmkcheckmk
2.3.0:p33
checkmkcheckmk
2.3.0:p34
checkmkcheckmk
2.3.0:p35
checkmkcheckmk
2.3.0:p36
checkmkcheckmk
2.3.0:p37
checkmkcheckmk
2.3.0:p38
checkmkcheckmk
2.3.0:p39
checkmkcheckmk
2.3.0:p4
checkmkcheckmk
2.3.0:p40
checkmkcheckmk
2.3.0:p41
checkmkcheckmk
2.3.0:p42
checkmkcheckmk
2.3.0:p43
checkmkcheckmk
2.3.0:p44
checkmkcheckmk
2.3.0:p45
checkmkcheckmk
2.3.0:p46
checkmkcheckmk
2.3.0:p47
checkmkcheckmk
2.3.0:p5
checkmkcheckmk
2.3.0:p6
checkmkcheckmk
2.3.0:p7
checkmkcheckmk
2.3.0:p8
checkmkcheckmk
2.3.0:p9
checkmkcheckmk
2.4.0
checkmkcheckmk
2.4.0
checkmkcheckmk
2.4.0:b1
checkmkcheckmk
2.4.0:b2
checkmkcheckmk
2.4.0:b3
checkmkcheckmk
2.4.0:b4
checkmkcheckmk
2.4.0:b5
checkmkcheckmk
2.4.0:b6
checkmkcheckmk
2.4.0:p1
checkmkcheckmk
2.4.0:p10
checkmkcheckmk
2.4.0:p11
checkmkcheckmk
2.4.0:p12
checkmkcheckmk
2.4.0:p13
checkmkcheckmk
2.4.0:p14
checkmkcheckmk
2.4.0:p15
checkmkcheckmk
2.4.0:p16
checkmkcheckmk
2.4.0:p17
checkmkcheckmk
2.4.0:p18
checkmkcheckmk
2.4.0:p19
checkmkcheckmk
2.4.0:p2
checkmkcheckmk
2.4.0:p20
checkmkcheckmk
2.4.0:p21
checkmkcheckmk
2.4.0:p22
checkmkcheckmk
2.4.0:p23
checkmkcheckmk
2.4.0:p24
checkmkcheckmk
2.4.0:p25
checkmkcheckmk
2.4.0:p26
checkmkcheckmk
2.4.0:p27
checkmkcheckmk
2.4.0:p28
checkmkcheckmk
2.4.0:p29
checkmkcheckmk
2.4.0:p3
checkmkcheckmk
2.4.0:p30
checkmkcheckmk
2.4.0:p4
checkmkcheckmk
2.4.0:p5
checkmkcheckmk
2.4.0:p6
checkmkcheckmk
2.4.0:p7
checkmkcheckmk
2.4.0:p8
checkmkcheckmk
2.4.0:p9
checkmkcheckmk
2.5.0
checkmkcheckmk
2.5.0:b1
checkmkcheckmk
2.5.0:b2
checkmkcheckmk
2.5.0:b3
checkmkcheckmk
2.5.0:p1
checkmkcheckmk
2.5.0:p2
checkmkcheckmk
2.5.0:p3
checkmkcheckmk
2.5.0:p4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://checkmk.com/werk/17992