CVE-2026-21722
CVE-2026-21722 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Grafana | Grafana | >= 9.3.0, < 11.6.10 |
| Grafana | Grafana | >= 12.0.0, < 12.1.6 |
| Grafana | Grafana | >= 12.2.0, <= 12.2.4 |
| Grafana | Grafana | >= 12.3.0, <= 12.3.2 |
| Grafana | Grafana | 11.6.10 |
| Grafana | Grafana | 12.1.6 |
| Grafana | Grafana | 12.2.4 |
| Grafana | Grafana | 12.3.2 |
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
