PT-2026-3006 · Grafana · Grafana
Published 2026-01-15 · Updated 2026-01-17 · CVE-2026-22639
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Grafana versions prior to 10.4.19+security-01
Grafana versions prior to 11.2.10+security-01
Grafana versions prior to 11.3.7+security-01
Grafana versions prior to 11.4.5+security-01
Grafana versions prior to 11.5.5+security-01
Grafana versions prior to 11.6.2+security-01
Grafana versions prior to 12.0.1+security-01
Description
Grafana, an open-source platform for monitoring and observability, had an issue with its Alerting DingDing integration. The integration was not adequately protected, potentially exposing it to users with Viewer permission.
Recommendations
Update to Grafana version 10.4.19+security-01 or later.
Update to Grafana version 11.2.10+security-01 or later.
Update to Grafana version 11.3.7+security-01 or later.
Update to Grafana version 11.4.5+security-01 or later.
Update to Grafana version 11.5.5+security-01 or later.
Update to Grafana version 11.6.2+security-01 or later.
Update to Grafana version 12.0.1+security-01 or later.
Fix
Information Disclosure
Affected Products
Grafana