Checkmk
cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*
- 2.4.0
- 2.3.0
A cross-site scripting (XSS) vulnerability has been identified in Checkmk versions 2.4.0 prior to 2.4.0p22, and 2.3.0 prior to 2.3.0p43. This vulnerability allows an attacker who can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs. The injected script can be accessed through a crafted phishing link, exploiting the way Checkmk renders these logs in the user interface.
Successful exploitation results in cross-site scripting: the injected script executes in the context of the user's browser.
Users are advised to update to Checkmk versions 2.4.0p22 or 2.3.0p43. Phishing links that could exploit this vulnerability should not be clicked.
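A version check against the fix levels stated above, as an added example that is not part of the advisory or Checkmk's own code. The version-string grammar (i/b/p suffixes, optional edition suffix such as `.cee`), the choice to treat pre-releases of an affected branch as affected, and the site names in the sample inventory are assumptions.

```python
import re

# Fix levels per affected branch, as stated in the advisory text above.
FIXED = {"2.4.0": "2.4.0p22", "2.3.0": "2.3.0p43"}

# Assumed grammar: <branch>[i|b|p<N>][.<edition>], e.g. 2.3.0p42.cee, 2.4.0b3, 2.4.0
_VERSION = re.compile(r"^(\d+\.\d+\.\d+)(?:([ibp])(\d+))?(?:\.c[a-z]{2})?$")

# Assumed order within a branch: innovation < beta < plain release < patch.
_RANK = {"i": 0, "b": 1, None: 2, "p": 3}


def parse(version):
    """Return (branch, sortable key) or raise ValueError for unknown formats."""
    m = _VERSION.match(version.strip())
    if m is None:
        # Daily builds and anything unexpected must be reviewed by hand.
        raise ValueError(f"unrecognised Checkmk version: {version!r}")
    branch, kind, number = m.groups()
    return branch, (_RANK[kind], int(number or 0))


def is_affected(version):
    """True/False for the 2.3.0 and 2.4.0 branches, None for other branches."""
    branch, key = parse(version)
    fixed = FIXED.get(branch)
    if fixed is None:
        return None  # the advisory makes no statement about this branch
    # Assumption: pre-releases (i/b) of an affected branch count as affected.
    return key < parse(fixed)[1]


def audit(inventory):
    """Map site name -> required fix level for every affected site."""
    todo = {}
    for site, version in inventory.items():
        if is_affected(version):
            todo[site] = FIXED[parse(version)[0]]
    return todo


# Constructed inventory (site names and versions are sample values).
SAMPLE = {"prod": "2.4.0p21.cee", "lab": "2.3.0p43.cre",
          "legacy": "2.3.0p12", "old": "2.2.0p40.cre"}

if __name__ == "__main__":
    for site, target in audit(SAMPLE).items():
        print(f"{site}: upgrade to {target}")
```

Version strings the parser does not recognise raise `ValueError` rather than being reported as unaffected, so they surface for manual review.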