PT-2026-40782 · Grafana · Grafana

Published

2026-05-13

Updated

2026-06-10

CVE-2026-28374

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description Users with editor privileges can delete any annotation, including those for which they lack read access, despite being unable to create or read annotations themselves.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2026-07035

BIT-GRAFANA-2026-28374

CVE-2026-28374

OPENSUSE-SU-2026:10932-1

OPENSUSE-SU-2026:20940-1

Affected Products

Grafana

PT-2026-40782 · Grafana · Grafana

CVE-2026-28374

Weakness Enumeration

Related Identifiers

Affected Products

References · 60