PatchSiren cyber security CVE debrief
CVE-2026-7765 Checkmk GmbH CVE debrief
CVE-2026-7765 is a medium-severity vulnerability in Checkmk versions prior to 2.5.0p5. The issue lies in the User Messages dashboard widget, where incorrect authorization allows an attacker with a valid public dashboard share token to read the dashboard creator's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present.
- Vendor: Checkmk GmbH
- Product: Checkmk
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Anyone running Checkmk versions prior to 2.5.0p5 is affected by this vulnerability and should apply the recommended defensive actions listed on this page.
Technical summary
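The vulnerability has a CVSS score of 6.3 and is classified as CWE-863 (Incorrect Authorization). An attacker holding a valid public dashboard share token can read the dashboard creator's personal messages by sending requests directly to the message-fetching endpoint behind the User Messages widget, whether or not the shared dashboard contains that widget.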
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Checkmk version 2.5.0p5 or later.
- Review and restrict access to dashboard share tokens.
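- Monitor for requests to the User Messages widget's message-fetching endpoint made with a public dashboard share token, especially for dashboards that do not contain that widget.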
Evidence notes
Evidence for this CVE comes from the NVD and Checkmk's official advisory.
Official resources
- CVE-2026-7765 CVE record (CVE.org)
- CVE-2026-7765 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-7765 was published on 2026-06-08T13:16:33.627Z and modified on 2026-06-09T14:49:38.500Z.