PT-2026-7659 · Grafana · Grafana

Khan Marsha I · Published 2026-02-11 · Updated 2026-04-22 · CVE-2026-21722

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified)

Description: Public dashboards with annotations enabled did not restrict the annotation timerange to the locked timerange of the public dashboard. This allowed reading the complete history of annotations visible on the dashboard, even those outside the locked timerange. The issue did not expose annotations that were not already visible on the public dashboard.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2026-02011
BIT-GRAFANA-2026-21722
CVE-2026-21722
OPENSUSE-SU-2026:10601-1
OPENSUSE-SU-2026:20654-1
SUSE-SU-2026:1013-1
SUSE-SU-2026:1037-1
SUSE-SU-2026:1148-1
SUSE-SU-2026:1524-1

Affected Products

Grafana