CVE-2026-9549 is a MEDIUM severity vulnerability in Checkmk versions before 2.5.0p5, 2.4.0p31, and 2.3.0p48, and in all 2.2.0 versions. It allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output, which then executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page.
CVE-2026-8833 is a HIGH severity vulnerability in Checkmk versions <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions. It allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another user interacts with the crafted link.
CVE-2026-8078 is a MEDIUM severity vulnerability in Checkmk versions <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions. An administrator can store malicious HTML or JavaScript in changelog messages, which then executes in other users' browsers when they view the Activate Changes page or Audit log.
CVE-2026-7765 is a medium-severity vulnerability in Checkmk versions prior to 2.5.0p5. The issue lies in the User Messages dashboard widget, where incorrect authorization allows an attacker with a valid public dashboard share token to read the dashboard creator's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present.
CVE-2026-7186 is a HIGH severity vulnerability in Checkmk versions <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions. It allows users with dashboard editing permissions to store a URL with a dangerous URI scheme, such as javascript:, that executes scripts in other users' browsers when they view the dashboard.