PT-2026-28370 · Grafana+2

Published 2026-03-27 · Updated 2026-06-10 · CVE-2026-27877

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Versions (affected versions not specified)

Description

When using public dashboards and direct data-sources, passwords for direct data-sources are exposed even if they are not actively used in dashboards. Passwords for proxied data-sources are not exposed. It is recommended to convert direct data-sources to proxied data-sources to enhance security.

Recommendations

Convert direct data-sources to proxied data-sources.
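
An added example, not code from Grafana or from this advisory: a check that lists every data source still set to direct access, whether or not a dashboard references it, so each can be converted to proxied. It assumes the data-source list was exported as JSON from Grafana's HTTP API (`GET /api/datasources`) and carries the `access`, `basicAuth` and `user` fields; the sample records and the `audit` and `has_credentials` helpers are constructed for illustration.

```python
import json

# Constructed sample shaped like a GET /api/datasources response (not real data).
SAMPLE = json.loads("""[
  {"uid": "a1", "name": "prod-influx", "type": "influxdb", "access": "direct",
   "url": "https://influx.example.internal:8086", "basicAuth": true, "user": "reader"},
  {"uid": "b2", "name": "prod-prom", "type": "prometheus", "access": "proxy",
   "url": "http://prometheus:9090", "basicAuth": false, "user": ""},
  {"uid": "c3", "name": "legacy-es", "type": "elasticsearch", "access": "direct",
   "url": "https://es.example.internal:9200", "basicAuth": false, "user": ""}
]""")


def has_credentials(ds):
    """True when the record shows a credential is configured (basic auth or a user)."""
    return bool(ds.get("basicAuth")) or bool(ds.get("user"))


def audit(datasources):
    """Return direct-access data sources, credentialed ones first.

    Every direct data source is reported, not only those referenced by a
    public dashboard, because the advisory says exposure does not depend on use.
    """
    findings = []
    for ds in datasources:
        # Assumption: a record without an "access" field is treated as proxied.
        if ds.get("access", "proxy") != "direct":
            continue
        findings.append({
            "uid": ds.get("uid"),
            "name": ds.get("name"),
            "type": ds.get("type"),
            "priority": "high" if has_credentials(ds) else "review",
        })
    # Credentialed entries sort first, then by name for stable output.
    findings.sort(key=lambda f: (f["priority"] != "high", f["name"] or ""))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f'{f["priority"]:6} {f["name"]} ({f["type"]}, uid={f["uid"]}): convert to proxy')
```
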

Fix

Information Disclosure

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related Identifiers

ALSA-2026:10223
ALSA-2026:10226
ALSA-2026:19134
ALSA-2026:19352
BIT-GRAFANA-2026-27877
CVE-2026-27877
GHSA-3Q27-7QJQ-P9C5
OPENSUSE-SU-2026:10601-1
OPENSUSE-SU-2026:20940-1
RHSA-2026:10223
RHSA-2026:10226
RHSA-2026:11416
RHSA-2026:11417
RHSA-2026:19134
RHSA-2026:19352
SUSE-SU-2026:1524-1

Affected Products

Grafana
Red Os
Rocky Linux