Grafana · Grafana · CVE-2026-21722
**Name of the Vulnerable Software and Affected Versions**
Grafana (affected versions not specified)
**Description**
Public dashboards with annotations enabled did not restrict the annotation timerange to the locked timerange of the public dashboard. This allowed reading the complete history of annotations visible on the dashboard, even those outside the locked timerange. The issue did not expose annotations that were not already visible on the public dashboard.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.