PT-2026-28321 · Grafana · Grafana Oss

Published: 2026-03-26 · Updated: 2026-05-24 · CVE-2026-21724

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Grafana OSS (affected versions not specified)

Description

An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary alert.notifications.receivers.protected:write permission. The affected API endpoint is used for provisioning contact points.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2026-07792
BIT-GRAFANA-2026-21724
CVE-2026-21724
GHSA-7G92-G4VH-HP84
OPENSUSE-SU-2026:10601-1
SUSE-SU-2026:1524-1

Affected Products

Grafana
Grafana Oss
Red Os