CVE-2026-21722
medium
Grafana CVSS v3 Base Score
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Published: February 12, 2026 (91 days ago)
Last Modified: April 24, 2026
Vendor: Grafana
Source: MITRE
Vulnerability Report
Generated by CyberWatcher
Description
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.
This did not leak any annotations that would not otherwise be visible on the public dashboard.
Affected Products
Grafana grafana/grafanaGrafana grafana/grafana-enterprise