Executive Summary

CVE-2026-7765 is a security vulnerability in Checkmk versions earlier than 2.5.0p5 involving the User Messages dashboard widget on shared dashboards.

The issue arises because the message-fetching endpoints return the dashboard creator's personal messages instead of the viewer's messages when accessed with a valid public dashboard share token.

This means an attacker who knows a valid share token can read the issuer's personal messages by sending requests to the underlying endpoint, even if the User Messages widget is not present on the dashboard.

The vulnerability was fixed by removing the vulnerable endpoint and replacing the widget with a placeholder on shared dashboards.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of personal messages belonging to the dashboard creator.

An attacker with access to a valid public dashboard share token can read sensitive personal messages without needing further privileges or user interaction.

This could result in privacy breaches, exposure of confidential information, and potential misuse of the leaked data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying requests made to the message-fetching endpoint associated with the User Messages widget on shared dashboards, specifically the endpoint get_user_messages_token_auth.py. Monitoring network traffic for requests containing valid public dashboard share tokens accessing this endpoint may indicate exploitation attempts.

Since the vulnerability involves unauthorized access via a valid share token, commands or tools that inspect HTTP requests for such tokens or unusual access patterns to the message-fetching endpoint could be used.

• Use network monitoring tools like tcpdump or Wireshark to filter HTTP requests to the endpoint get_user_messages_token_auth.py.
• Example tcpdump command: tcpdump -i any -A 'tcp port 80 or tcp port 443' | grep 'get_user_messages_token_auth.py'
• Check web server logs for requests containing share tokens accessing the message-fetching endpoint.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include revoking all shared-dashboard tokens to prevent unauthorized access via valid tokens.

Applying the official fix by upgrading Checkmk to version 2.5.0p5 or later is essential, as the fix removes the vulnerable endpoint and replaces the User Messages widget on shared dashboards with a placeholder.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthorized access to personal user messages via shared dashboard tokens, potentially exposing sensitive personal information.

Such unauthorized disclosure of personal messages could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on personal and sensitive data access.

Organizations using affected Checkmk versions should consider this risk and revoke shared-dashboard tokens until the vulnerability is fixed to maintain compliance.

Useful 0 Not Useful 0