PatchSiren cyber security CVE debrief
CVE-2026-9549 Checkmk GmbH CVE debrief
CVE-2026-9549 is a MEDIUM severity vulnerability in Checkmk versions before 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions. This vulnerability allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page.
- Vendor: Checkmk GmbH
- Product: Checkmk
- CVSS: MEDIUM 4.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Administrators and users of Checkmk versions before 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions who have host read permissions or can configure active or custom checks.
Technical summary
The vulnerability is caused by a lack of proper input validation and sanitization in the service discovery active check output. An attacker with the ability to configure active or custom checks can inject malicious HTML or JavaScript code into the check output.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Checkmk version 2.5.0p5 or later, 2.4.0p31 or later, or 2.3.0p48 or later.
- Restrict access to active and custom check configuration to trusted administrators.
- Monitor service discovery page output for suspicious activity.
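One way to carry out the monitoring step above, as an added example that is not Checkmk code or part of the original advisory: it flags check output strings that contain HTML or script markup and shows the output-encoded form a web page should render instead. It assumes check output has already been exported as `(service, output)` text pairs; the function names and sample records are hypothetical and constructed for illustration.

```python
import html
import re

# Patterns for markup that plain-text check output should never contain.
PATTERNS = {
    "html_tag": re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>"),
    # Inline handler such as onerror="..."; requiring a quote keeps
    # perfdata like "online=3" from matching.
    "event_handler": re.compile(r"\son\w+\s*=\s*[\"']", re.IGNORECASE),
    "script_url": re.compile(r"\bjavascript\s*:", re.IGNORECASE),
}

def scan_check_output(output):
    """Return the names of all patterns found in one check output string."""
    return [name for name, rx in PATTERNS.items() if rx.search(output)]

def render_safe(output):
    """Encode output for an HTML context so markup is displayed, not parsed."""
    return html.escape(output, quote=True)

def audit(records):
    """records: iterable of (service, output). Return flagged entries only."""
    flagged = []
    for service, output in records:
        findings = scan_check_output(output)
        if findings:
            flagged.append({"service": service, "findings": findings,
                            "escaped": render_safe(output)})
    return flagged

# Constructed sample data, not real Checkmk output.
SAMPLE = [
    ("HTTP web01", "HTTP OK: 200 in 0.12s | time=0.12s;1;2"),
    ("Custom disk", "OK - 3 volumes online | online=3"),
    ("Custom note", "OK - <img src=x onerror=\"alert(1)\"> | n=1"),
    ("Custom link", "WARN - see <a href='javascript:void(0)'>details</a>"),
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(hit["service"], hit["findings"], hit["escaped"])
```

The tag pattern can also match plain text such as `a<b and c>d`, so treat hits as leads to review against the check's configuration rather than as confirmed injection.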
Evidence notes
The CVE-2026-9549 vulnerability was published on 2026-06-08T13:16:34.030Z and modified on 2026-06-08T15:53:09.253Z. The vulnerability has a CVSS score of 4.8 and is classified as MEDIUM severity.
Official resources
- CVE-2026-9549 CVE record (CVE.org)
- CVE-2026-9549 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory (public)