CVE Vulnerabilities

CVE-2026-27877

Published: Mar 27, 2026 | Modified: Jun 30, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

When using public dashboards and direct data-sources, all direct data-sources passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments security.

Affected Software

NameVendorStart VersionEnd Version
GrafanaGrafana*9.3.0 (excluding)
GrafanaGrafana11.6.14 (including)12.0.0 (excluding)
GrafanaGrafana12.1.10 (including)12.2.0 (excluding)
GrafanaGrafana12.2.8 (including)12.3.0 (excluding)
GrafanaGrafana12.3.6 (including)12.4.0 (excluding)
Red Hat Enterprise Linux 10RedHatgrafana-0:10.2.6-24.el10_1*
Red Hat Enterprise Linux 10RedHatgrafana-0:10.2.6-26.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatgrafana-0:10.2.6-23.el10_0*
Red Hat Enterprise Linux 9RedHatgrafana-0:10.2.6-20.el9_7*
Red Hat Enterprise Linux 9RedHatgrafana-0:10.2.6-22.el9_8*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatgrafana-0:10.2.6-20.el9_6*
GrafanaUbuntuesm-apps/xenial*

References