PT-2026-2986 · Grafana · Grafana

Published: 2026-01-15 · Updated: 2026-01-20 · CVE-2026-0713

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified)

Description: A security issue exists in the /apis/dashboard.grafana.app/* API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions (v0alpha1, v1alpha1, v2alpha1). Specifically, viewers can access all dashboards and folders regardless of assigned permissions. Editors can view, edit, and delete all dashboards and folders, irrespective of permissions, and can create dashboards in any folder. Anonymous users with viewer or editor roles are also affected. Organization isolation remains intact, and the issue is limited to dashboard access, not datasources.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
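
One way to triage exposure while no fixed version is known, as an added example that is not part of the advisory or of Grafana's code: the script scans a reverse-proxy access log for successful requests to the affected API group and versions and counts reads and writes per client. The combined log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# API group and versions named in the advisory.
API_PREFIX = "/apis/dashboard.grafana.app/"
VERSIONS = {"v0alpha1", "v1alpha1", "v2alpha1"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Assumption: combined-format access log from a reverse proxy in front of Grafana.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, method, version, kind) for a 2xx request to the affected API, else None."""
    m = LINE_RE.match(line)
    if not m or not m["status"].startswith("2"):
        return None
    # Drop the query string, percent-decode and collapse repeated slashes before matching.
    path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0]))
    if not path.startswith(API_PREFIX):
        return None
    version = path[len(API_PREFIX):].split("/", 1)[0]
    if version not in VERSIONS:
        return None
    kind = "write" if m["method"] in WRITE_METHODS else "read"
    return m["ip"], m["method"], version, kind

def summarize(lines):
    """Count successful read and write requests per client IP for triage."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            counts[(hit[0], hit[3])] += 1
    return counts

# Constructed sample lines; the path suffix after the version is a placeholder.
SAMPLE = [
    '203.0.113.7 - - [16/Jan/2026:10:00:01 +0000] "GET /apis/dashboard.grafana.app/v1alpha1/placeholder HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [16/Jan/2026:10:00:09 +0000] "DELETE /apis/dashboard.grafana.app/v2alpha1/placeholder HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.4 - - [16/Jan/2026:10:02:40 +0000] "GET /apis/dashboard.grafana.app/v0alpha1/placeholder?limit=50 HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [16/Jan/2026:10:03:02 +0000] "POST /apis/dashboard.grafana.app/v1alpha1/placeholder HTTP/1.1" 403 120 "-" "-"',
    '198.51.100.4 - - [16/Jan/2026:10:03:30 +0000] "GET /api/health HTTP/1.1" 200 70 "-" "-"',
]

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{ip} {kind} {n}")
```

A hit does not by itself show a bypass; each one still has to be compared with the dashboard and folder permissions of the account behind it.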

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-0713

Affected Products: Grafana