CVE-2026-8833
Description
Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 are vulnerable to XSS via HTML-encoded URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Improper neutralization of HTML-encoded characters in the URL validation function within Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows for the injection of malicious URLs, such as javascript: URIs, by bypassing the intended validation mechanism [1].
Exploitation
An authenticated user can exploit this vulnerability by crafting a URL that includes HTML-encoded characters, which bypasses the URL validation. When another authenticated user interacts with this crafted link, the cross-site scripting vulnerability is triggered [1].
Impact
Successful exploitation allows an attacker to inject malicious URLs, leading to cross-site scripting (XSS). This can result in the execution of arbitrary JavaScript in the context of another user, potentially leading to session hijacking or other malicious actions.
Mitigation
Checkmk versions 2.5.0p5, 2.4.0p31, 2.3.0p48, and later versions contain a fix for this vulnerability. Users are advised to upgrade to a patched version. No workarounds are specified in the available references.
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches
3a35953b1c7f8 Fix stale success state in GenerateToken after token reset
1 file changed · +9 −1
packages/cmk-frontend-vue/src/mode-host/agent-connection-test/components/GenerateToken.vue+9 −1 modified@@ -4,7 +4,7 @@ This file is part of Checkmk (https://checkmk.com). It is subject to the terms a conditions defined in the file COPYING, which is part of this source code package. --> <script setup lang="ts"> -import { computed, ref } from 'vue' +import { computed, ref, watch } from 'vue' import { Api } from '@/lib/api-client' import usei18n from '@/lib/i18n' @@ -50,6 +50,14 @@ const ottGenerated = ref(false) const ottError = ref<Error | null>(null) const ottExpiry = ref<Date | null>(null) const noOTT = ref(false) + +watch(ott, (newValue) => { + if (newValue === null) { + ottGenerated.value = false + ottError.value = null + ottExpiry.value = null + } +}) const api = new Api('api/internal/', [['Content-Type', 'application/json']]) const tokenGenerationBody = ref<IAgentTokenGenerationRequestBody>(props.tokenGenerationBody)
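Review bot: the new watcher on `ott` clears `ottGenerated`, `ottError` and `ottExpiry` when the token becomes null, but `noOTT`, declared on the context line directly above the added block, is not reset in the same branch; if it belongs to the same generated/error state it should be cleared there too, otherwise a short comment saying why it is excluded would stop the next reader from asking. Note also that `watch` without `immediate: true` only fires on a change, so the reset does not run for a token that is already null at mount; that is fine if the initial values are the defaults, but worth stating in the commit message since the diff shows the reset and not the code path that sets `ott` back to null.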
4abde4a41de6 Improvements for HTML Email template
2 files changed · +12 −6
notifications/templates/mail/base.html+8 −2 modified@@ -3,6 +3,12 @@ <head> <title>HTML Email template</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <style> + @media screen and (max-width: 460px) and (orientation: portrait) { + .iphone_padding { padding:0 !important;} + .iphone_event_marker_bulk { width:auto !important;} + } + </style> </head> <body> {% import 'macros.html' as macros %} @@ -31,7 +37,7 @@ } %} <table width="100%" style=" border-collapse: collapse; "> <tr> - <td align="center" style="padding: 20px;"> + <td align="center" style="padding: 20px;", class="iphone_padding"> <table width="100%" align="center" style="max-width: 600px; @@ -41,7 +47,7 @@ background-color: #ffffff"> {{ macros.margin_tr() }} <tr> - <td align="center" style="padding: 8px;"> + <td align="center" style="padding: 8px;" class="iphone_padding"> {% if not is_bulk or bulk_summary %} <table align="center" style=" border-collapse: collapse; width: 100%; min-width: 220px; max-width: 536px"">
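Review bot: the second hunk inserts a stray comma between two attributes (`<td align="center" style="padding: 20px;", class="iphone_padding">`); a comma is not attribute syntax in HTML, so lenient parsers will treat `,` as a junk attribute name and mail clients may or may not still apply the class. Drop the comma so the line matches the third hunk (`style="padding: 8px;" class="iphone_padding"`). The doubled quote in that hunk's trailing context (`max-width: 536px"">`) is pre-existing but is the same kind of malformed markup and could be fixed in this change.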
notifications/templates/mail/bulk.html+4 −4 modified@@ -21,12 +21,12 @@ </tr> {% for entry in bulk_summary %} {% set bulk_service_notification = entry.WHAT == 'SERVICE' %} - <tr style=" border: 1px solid #DFDFDF; height: 35px"> + <tr style="border: 1px solid #DFDFDF; height: 35px"> <td style="border: 1px solid #DFDFDF; padding: 0% 2% 0 2%; width: 15%; word-break: break-all">{{ entry.LINKEDHOSTNAME | safe }}</td> - <td style=" border: 1px solid #DFDFDF; padding: 0% 2% 0 2%; "> + <td style="border: 1px solid #DFDFDF; padding: 0% 2% 0 2%"> {% if bulk_service_notification %}{{ entry.LINKEDSERVICEDESC | safe }}{% endif %} </td> <td height="33" @@ -37,7 +37,7 @@ <table style="border-collapse: collapse;" align="center"> <tr> <td style="padding: 0; vertical-align: middle;"> - <div style="{{ macros.event_marker_bulk_style() }}; + <div class="iphone_event_marker_bulk" style="{{ macros.event_marker_bulk_style() }}; {% if service_notification %} {{ state_mapping[data.PREVIOUSSERVICEHARDSTATE] }} {% else %} {{ state_mapping[data.PREVIOUSHOSTHARDSTATE] }} {% endif %}; display: inline-block; /* Inline block to respect width */"> @@ -65,7 +65,7 @@ <![endif]--> </td> <td style="padding: 0; vertical-align: middle;"> - <div style="{{ macros.event_marker_bulk_style() }}; + <div class="iphone_event_marker_bulk" style="{{ macros.event_marker_bulk_style() }}; {% if service_notification %} {{ state_mapping[data.SERVICESTATE] }} {% else %} {{ state_mapping[data.HOSTSTATE] }} {% endif %}; display: inline-block; /* Inline block to respect width */">
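Review bot: the first hunk's context renders `entry.LINKEDHOSTNAME` and `entry.LINKEDSERVICEDESC` with `| safe`, which turns off Jinja autoescaping for those values; that is pre-existing rather than introduced here, but it means the template depends on those strings having been escaped or assembled from trusted parts upstream, and given that this CVE concerns insufficient neutralization of HTML-encoded input it is worth confirming where that escaping happens. The style and class changes themselves look consistent across the three hunks.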
779a2941a075 Bumped redfish mkp to 2.3.38
1 file changed · +3 −3
package_versions.bzl+3 −3 modified@@ -72,9 +72,9 @@ NET_SNMP_SHA256 = "75b59d67e871aaaa31c8cef89ba7d06972782b97736b7e8c3399f36b50a88 ROBOTMK_VERSION = "v2.0.0" ROBOTMK_SHA256 = "656126f7510854a294b28d789b0c138dfbd2a58e5d9f3ec4a5d8c9c88729cb42" -REDFISH_MKP_VERSION = "2.3.37" -REDFISH_MKP_COMMIT_HASH = "f0aaa5bc7296dfd5438dbde4d144cadabd693560" -REDFISH_MKP_SHA256 = "c9a738c2c9647841c618bc463e560984e586e241b1cf01b8d10e3f3cb1267c41" +REDFISH_MKP_VERSION = "2.3.38" +REDFISH_MKP_COMMIT_HASH = "35b0ef91252bbba9b147ec12dc120bcc70bb3cf6" +REDFISH_MKP_SHA256 = "c388a2b5525a55a6e0b175c014a3cb375062b4643d2ceed7ee188c054b2f0c8c" RRDTOOL_VERSION = "1.7.2" RRDTOOL_SHA256 = "a199faeb7eff7cafc46fac253e682d833d08932f3db93a550a4a5af180ca58db"
Vulnerability mechanics
Root cause
"Improper neutralization of HTML-encoded characters in URL validation allows for the injection of malicious URLs."
Attack vector
An authenticated user can craft a URL containing HTML-encoded characters, such as javascript: URIs, and submit it to the system. The URL validation function fails to properly neutralize these encoded characters. When another user interacts with the crafted link, the malicious URL is executed, leading to a cross-site scripting vulnerability.
Affected code
The vulnerability lies within the URL validation function of the Checkmk frontend. The specific file and function responsible for this validation are not detailed in the provided patch information. However, the patch [patch_id=5214546] modifies `packages/cmk-frontend-vue/src/mode-host/agent-connection-test/components/GenerateToken.vue`, suggesting that components related to user input and URL handling are involved.
What the fix does
The patch addresses the issue by improving the handling of URL validation. While the provided patch focuses on a different component related to token generation [patch_id=5214546], the vulnerability description indicates a flaw in URL validation logic. The fix likely involves ensuring that HTML-encoded characters within URLs are correctly decoded or escaped before being processed or displayed, preventing the injection of malicious scripts.
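As an added example (not Checkmk's code and not taken from the patches above), a JavaScript URL check that decodes HTML character references and parses the result before deciding on the scheme, placed beside the naive raw-string check the advisory describes; the function names, the placeholder origin and the sample inputs are constructed for illustration.

```javascript
// Added example, not Checkmk's code: validate a URL the way a browser will
// actually read it, rather than the way it was typed. The naive check stands
// in for the pattern the advisory describes (a scheme test on the raw string);
// the hardened one decodes HTML character references first and then lets the
// WHATWG URL parser (Node's global URL) settle the protocol.

// Decode numeric (&#106; / &#x6A;) and a few named HTML character references.
function decodeHtmlEntities(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                  colon: ':', Tab: '\t', NewLine: '\n' };
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = parseInt(hex ? body.slice(2) : body.slice(1), hex ? 16 : 10);
      return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    return Object.prototype.hasOwnProperty.call(named, body) ? named[body] : match;
  });
}

// Naive check: a scheme denylist applied to the raw, still-encoded string.
// It never sees "javascript:" when the first letter arrives as &#106;.
function naiveIsSafeUrl(raw) {
  return !/^\s*javascript:/i.test(raw);
}

// Hardened check: decode, parse, then allow only an explicit set of schemes.
// Relative paths resolve against a placeholder origin and so count as https.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
function isSafeUrl(raw) {
  const decoded = decodeHtmlEntities(String(raw));
  let parsed;
  try {
    // The WHATWG parser also drops tab/newline characters inside the scheme.
    parsed = new URL(decoded, 'https://placeholder.invalid/');
  } catch {
    return false; // unparsable input is rejected, never passed through
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Constructed inputs: only the encoded form slips past the naive check.
const SAMPLES = ['https://checkmk.com/', '/check_mk/index.py',
                 'javascript:alert(1)', '&#106;avascript:alert(1)'];
for (const u of SAMPLES) {
  console.log(`${u.padEnd(26)} naive=${naiveIsSafeUrl(u)} hardened=${isSafeUrl(u)}`);
}
```

Output encoding of the stored value when it is rendered into an href attribute is still required; the parser-based check decides what is accepted, not how it is emitted.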
Preconditions
- auth: The attacker must be an authenticated user.
Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (1)
News mentions (0)
No linked articles in our index yet.