CVE-2026-9549EPSS p3.9%

CVE-2026-9549CVE-2026-9549

checkmk / checkmk

Description

Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page.

Scoring

CVSS 4.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS0.14% probability of exploitation · percentile 3.9% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-39663
CVE
CVE-2026-8078
CVE
CVE-2026-7186
CVE
CVE-2026-8833
CVE
CVE-2026-24096
CVE
CVE-2025-32918
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.