4.3
CVE-2026-28374
- EPSS 0.2%
- Veröffentlicht 13.05.2026 19:28:40
- Zuletzt bearbeitet 02.06.2026 19:29:02
- Quelle security@grafana.com
- CVE-Watchlists
- Unerledigt
IDOR in Annotations API allows unprivileged users to DELETE annotation
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.096 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@grafana.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://grafana.com/security/security-advisories/cve-2026-28374