NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-8833
Summary

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another user interacts with the crafted link.

Publication Date June 8, 2026, 10:16 p.m.
Registration Date June 9, 2026, 4:14 a.m.
Last Update June 9, 2026, midnight
Related information, measures and tools
Common Vulnerabilities List