{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T06:56:16.160","vulnerabilities":[{"cve":{"id":"CVE-2026-21720","sourceIdentifier":"security@grafana.com","published":"2026-01-27T09:15:48.490","lastModified":"2026-02-17T20:06:27.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems."},{"lang":"es","value":"Cada solicitud sin caché a /avatar/:hash lanza una goroutine que actualiza la imagen de Gravatar. Si la actualización permanece en la cola de trabajadores de 10 ranuras por más de tres segundos, el manejador agota el tiempo de espera y deja de escuchar el resultado, de modo que esa goroutine se bloquea para siempre intentando enviar en un canal sin búfer. El tráfico sostenido con hashes aleatorios sigue activando este tiempo de espera, por lo que el recuento de goroutines crece linealmente, agotando la memoria con el tiempo y provocando que Grafana falle en algunos sistemas."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-703"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"11.6.9","matchCriteriaId":"215EC0E7-BF4E-460F-893F-3D5E56692D65"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"11.6.9","matchCriteriaId":"4D528EF4-2414-4A32-BA0E-16FA15EE1D52"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.8","matchCriteriaId":"C3E78D4A-A206-4BD4-BBE5-F8BE832B4A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.8","matchCriteriaId":"C0821B6B-AC98-4A9D-973D-12E2063DF866"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.5","matchCriteriaId":"993757EB-FCCD-4B3B-B23A-00EA8B1AFF52"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.5","matchCriteriaId":"FB947690-25AC-4597-80B3-9034CE94B8C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.3","matchCriteriaId":"A87029A0-871D-4130-A240-7A64990573F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.3","matchCriteriaId":"B3E99C8B-08A8-4672-8ED2-E8CE2F3DCD4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.0:*:*:*:-:*:*:*","matchCriteriaId":"9BE4EE19-92B3-4B1D-97BE-76194B38DA2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"EB9EC106-6F33-4834-B59D-6633BB83B6A5"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/CVE-2026-21720","source":"security@grafana.com","tags":["Broken Link"]}]}}]}