PT-2026-40791 · Grafana · Grafana Oss
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2026-33377
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Grafana Oss