PT-2026-2985 · Grafana · Grafana OSS

Published 2026-01-15 · Updated 2026-01-20 · CVE-2026-0712

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Grafana OSS versions prior to 12.0.2+security-01
Grafana OSS versions prior to 11.6.3+security-01
Grafana OSS versions prior to 11.5.6+security-01
Grafana OSS versions prior to 11.4.6+security-01
Grafana OSS versions prior to 11.3.8+security-01
Grafana OSS version 11.5.0

Description

An open redirect issue exists in Grafana OSS, potentially leading to Cross-Site Scripting (XSS) attacks. The vulnerability, introduced in version 11.5.0, allows for redirection to malicious websites. This can be combined with path traversal issues to further enable XSS exploitation.

Recommendations

Update Grafana OSS to version 12.0.2+security-01 or later.
Update Grafana OSS to version 11.6.3+security-01 or later.
Update Grafana OSS to version 11.5.6+security-01 or later.
Update Grafana OSS to version 11.4.6+security-01 or later.
Update Grafana OSS to version 11.3.8+security-01 or later.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2026-00577
CVE-2026-0712

Affected Products

Grafana OSS