Vulnerability Details CVE-2026-7186
Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the dashboard.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2026-7186
-
cpe:2.3:a:checkmk:checkmk:2.2.0
-
cpe:2.3:a:checkmk:checkmk:2.3.0
-
cpe:2.3:a:checkmk:checkmk:2.4.0
-
cpe:2.3:a:checkmk:checkmk:2.5.0