6.5
CVE-2026-28380
- EPSS 0.23%
- Veröffentlicht 13.05.2026 19:28:32
- Zuletzt bearbeitet 02.06.2026 19:28:57
- Quelle security@grafana.com
- CVE-Watchlists
- Unerledigt
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.132 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@grafana.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://grafana.com/security/security-advisories/cve-2026-28380