Home

Description

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.

PUBLISHED Reserved 2026-02-27 | Published 2026-05-13 | Updated 2026-05-14 | Assigner GRAFANA




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Product status

Default status
unaffected

8.5.0 (semver)
affected

11.6.14 (custom) before 11.6.14+security-04
affected

12.0.0 (semver)
affected

12.2.8 (custom) before 12.2.8+security-04
affected

12.3.0 (semver)
affected

12.3.6 (custom) before 12.3.6+security-04
affected

12.4.0 (semver)
affected

12.4.3 (custom) before 12.4.3+security-02
affected

13.0.0 (semver)
affected

13.0.1 (custom) before 13.0.1+security-01
affected

References

grafana.com/security/security-advisories/cve-2026-28374 vendor-advisory

cve.org (CVE-2026-28374)

nvd.nist.gov (CVE-2026-28374)

Download JSON