Medium severity5.4NVD Advisory· Published Mar 31, 2026· Updated Apr 2, 2026
CVE-2026-20915
CVE-2026-20915
Description
Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- checkmk.com/werk/19526nvdVendor Advisory
News mentions
0No linked articles in our index yet.