CVE-2026-7186
Description
Stored XSS in Checkmk's URL dashboard widget allows authenticated users to execute arbitrary JavaScript in other users' browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the URL dashboard widget of Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions. This vulnerability allows a user with dashboard editing permissions to store a URL containing a dangerous URI scheme, such as javascript:, within the widget. When other users view the dashboard containing this malicious URL, the embedded scripts are executed in their browsers [1].
Exploitation
An attacker requires dashboard editing permissions to exploit this vulnerability. The attacker must first store a URL with a dangerous URI scheme (e.g., javascript:) in the URL dashboard widget. The vulnerability is triggered when a victim views the dashboard containing this malicious widget, for example, by navigating through Customize > Dashboards or the Monitor menu [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript code in the context of other users' browsers. This can lead to session hijacking, data theft, or further malicious actions within the affected application, depending on the privileges of the victim user and the nature of the executed script [1].
Mitigation
Checkmk has released patches for this vulnerability. Affected versions include 2.5.0, 2.4.0, and 2.3.0. Version 2.2.0 is End-of-Life (EOL). The fix restricts the URL widget to accepting only the http and https URL schemes. Existing dashboards whose stored URLs use one of those schemes continue to function, while widgets whose stored URL uses any other scheme display "Invalid URL" [1].
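The scheme allowlist described in the mitigation, as an added example that is not Checkmk's own code: a stored widget value is parsed with the WHATWG URL class and accepted only when its scheme is http or https; everything else renders as "Invalid URL". The hostnames are made up, and the requirement that the widget only embed absolute URLs is an assumption.

```javascript
// Added example, not Checkmk's own code: the http/https scheme allowlist
// from the mitigation, applied to a URL widget's stored value.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns the normalized absolute URL when the scheme is http or https,
// otherwise null. Parsing with URL (no base URL) means the scheme is
// lowercased ("JaVaScRiPt:" -> "javascript:"), leading/trailing spaces and
// embedded tab/newline bytes are stripped before the scheme is read, and
// relative inputs ("/path", "//host/path") throw and are rejected
// (assumption: the widget only embeds absolute URLs).
function validateWidgetUrl(input) {
  if (typeof input !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// What the widget renders: the safe href, or the "Invalid URL" placeholder.
function renderWidgetTarget(stored) {
  const safe = validateWidgetUrl(stored);
  return safe === null ? 'Invalid URL' : safe;
}

// Constructed sample values as a widget might have stored them (hostnames
// are made up). The first two are acceptable; every other one is rejected.
const SAMPLE_STORED_URLS = [
  'https://monitoring.example.test/dashboard.py?name=main',
  'HTTP://10.0.0.5:5000/view',
  'javascript:void(0)',
  'JaVaScRiPt:void(0)',
  ' \tjavascript:void(0)',
  'data:text/html,hello',
  'vbscript:MsgBox(1)',
  'ftp://files.example.test/',
  '//example.test/path',
  '/relative/path',
  '',
];

// Returns a map of stored value -> rendered target, for inspection.
function checkSamples(values = SAMPLE_STORED_URLS) {
  return Object.fromEntries(values.map((v) => [v, renderWidgetTarget(v)]));
}

console.table(checkSamples());
```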
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches
3a35953b1c7f8 Fix stale success state in GenerateToken after token reset
1 file changed · +9 −1
packages/cmk-frontend-vue/src/mode-host/agent-connection-test/components/GenerateToken.vue+9 −1 modified@@ -4,7 +4,7 @@ This file is part of Checkmk (https://checkmk.com). It is subject to the terms a conditions defined in the file COPYING, which is part of this source code package. --> <script setup lang="ts"> -import { computed, ref } from 'vue' +import { computed, ref, watch } from 'vue' import { Api } from '@/lib/api-client' import usei18n from '@/lib/i18n' @@ -50,6 +50,14 @@ const ottGenerated = ref(false) const ottError = ref<Error | null>(null) const ottExpiry = ref<Date | null>(null) const noOTT = ref(false) + +watch(ott, (newValue) => { + if (newValue === null) { + ottGenerated.value = false + ottError.value = null + ottExpiry.value = null + } +}) const api = new Api('api/internal/', [['Content-Type', 'application/json']]) const tokenGenerationBody = ref<IAgentTokenGenerationRequestBody>(props.tokenGenerationBody)
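Review bot: in the second hunk, the new watch(ott, ...) resets ottGenerated, ottError and ottExpiry when ott becomes null but leaves noOTT untouched; if noOTT is part of the stale state being cleared it should be reset in the same branch, and if it is intentionally excluded a one-line comment saying so would help the next reader. The watch is also not immediate, so a null ott at mount relies on the refs' initial values (false/null), which is fine as long as those initial values are kept in sync with this reset block.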
4abde4a41de6 Improvements for HTML Email template
2 files changed · +12 −6
notifications/templates/mail/base.html+8 −2 modified@@ -3,6 +3,12 @@ <head> <title>HTML Email template</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <style> + @media screen and (max-width: 460px) and (orientation: portrait) { + .iphone_padding { padding:0 !important;} + .iphone_event_marker_bulk { width:auto !important;} + } + </style> </head> <body> {% import 'macros.html' as macros %} @@ -31,7 +37,7 @@ } %} <table width="100%" style=" border-collapse: collapse; "> <tr> - <td align="center" style="padding: 20px;"> + <td align="center" style="padding: 20px;", class="iphone_padding"> <table width="100%" align="center" style="max-width: 600px; @@ -41,7 +47,7 @@ background-color: #ffffff"> {{ macros.margin_tr() }} <tr> - <td align="center" style="padding: 8px;"> + <td align="center" style="padding: 8px;" class="iphone_padding"> {% if not is_bulk or bulk_summary %} <table align="center" style=" border-collapse: collapse; width: 100%; min-width: 220px; max-width: 536px"">
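Review bot: the second hunk's `<td align="center" style="padding: 20px;", class="iphone_padding">` has a stray comma between the style and class attributes, which is invalid HTML; it should read `<td align="center" style="padding: 20px;" class="iphone_padding">` as in the third hunk. While in this file, the context line ending `max-width: 536px"">` carries a doubled closing quote that is worth fixing in the same change.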
notifications/templates/mail/bulk.html+4 −4 modified@@ -21,12 +21,12 @@ </tr> {% for entry in bulk_summary %} {% set bulk_service_notification = entry.WHAT == 'SERVICE' %} - <tr style=" border: 1px solid #DFDFDF; height: 35px"> + <tr style="border: 1px solid #DFDFDF; height: 35px"> <td style="border: 1px solid #DFDFDF; padding: 0% 2% 0 2%; width: 15%; word-break: break-all">{{ entry.LINKEDHOSTNAME | safe }}</td> - <td style=" border: 1px solid #DFDFDF; padding: 0% 2% 0 2%; "> + <td style="border: 1px solid #DFDFDF; padding: 0% 2% 0 2%"> {% if bulk_service_notification %}{{ entry.LINKEDSERVICEDESC | safe }}{% endif %} </td> <td height="33" @@ -37,7 +37,7 @@ <table style="border-collapse: collapse;" align="center"> <tr> <td style="padding: 0; vertical-align: middle;"> - <div style="{{ macros.event_marker_bulk_style() }}; + <div class="iphone_event_marker_bulk" style="{{ macros.event_marker_bulk_style() }}; {% if service_notification %} {{ state_mapping[data.PREVIOUSSERVICEHARDSTATE] }} {% else %} {{ state_mapping[data.PREVIOUSHOSTHARDSTATE] }} {% endif %}; display: inline-block; /* Inline block to respect width */"> @@ -65,7 +65,7 @@ <![endif]--> </td> <td style="padding: 0; vertical-align: middle;"> - <div style="{{ macros.event_marker_bulk_style() }}; + <div class="iphone_event_marker_bulk" style="{{ macros.event_marker_bulk_style() }}; {% if service_notification %} {{ state_mapping[data.SERVICESTATE] }} {% else %} {{ state_mapping[data.HOSTSTATE] }} {% endif %}; display: inline-block; /* Inline block to respect width */">
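Review bot: the first hunk only normalizes whitespace inside inline style attributes, while the second and third add the `iphone_event_marker_bulk` class; mixing cosmetic and functional edits in one commit makes the responsive-width change harder to review, so the whitespace cleanup would be better as a separate commit. The rule for that class lives in the `<style>` block added to base.html, so please confirm that bulk.html is always rendered through that base template, otherwise the class has no effect.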
779a2941a075 Bumped redfish mkp to 2.3.38
1 file changed · +3 −3
package_versions.bzl+3 −3 modified@@ -72,9 +72,9 @@ NET_SNMP_SHA256 = "75b59d67e871aaaa31c8cef89ba7d06972782b97736b7e8c3399f36b50a88 ROBOTMK_VERSION = "v2.0.0" ROBOTMK_SHA256 = "656126f7510854a294b28d789b0c138dfbd2a58e5d9f3ec4a5d8c9c88729cb42" -REDFISH_MKP_VERSION = "2.3.37" -REDFISH_MKP_COMMIT_HASH = "f0aaa5bc7296dfd5438dbde4d144cadabd693560" -REDFISH_MKP_SHA256 = "c9a738c2c9647841c618bc463e560984e586e241b1cf01b8d10e3f3cb1267c41" +REDFISH_MKP_VERSION = "2.3.38" +REDFISH_MKP_COMMIT_HASH = "35b0ef91252bbba9b147ec12dc120bcc70bb3cf6" +REDFISH_MKP_SHA256 = "c388a2b5525a55a6e0b175c014a3cb375062b4643d2ceed7ee188c054b2f0c8c" RRDTOOL_VERSION = "1.7.2" RRDTOOL_SHA256 = "a199faeb7eff7cafc46fac253e682d833d08932f3db93a550a4a5af180ca58db"
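Review bot: the bump updates REDFISH_MKP_VERSION, REDFISH_MKP_COMMIT_HASH and REDFISH_MKP_SHA256 together, which is the right set for a pinned dependency; the commit message should state where the new commit hash and SHA256 were taken from (for example the upstream release tag) so the pin can be independently reproduced, and a line summarizing what changed between 2.3.37 and 2.3.38 would help anyone auditing the dependency later.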
References
[1] checkmk.com/werk/17991 (NVD: Vendor Advisory)
News mentions (0)
No linked articles in our index yet.