CVE Catalog

CVE-2026-7765

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 allows the message-fetching endpoints to return the dashboard creator's messages instead of the viewer's. An attacker who knows a valid public dashboard share token can read the issuer's personal messages by sending requests to the underlying endpoint.

Risk Assessment

The organization may be exposed to the disclosure of sensitive information, potentially leading to privacy breaches and loss of trust in the system.

Recommendation

It is recommended to update Checkmk to version 2.5.0p5 or later to mitigate this vulnerability and review the access policy for dashboards.

Original NVD description (English source)

Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS