{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T13:12:01.867","vulnerabilities":[{"cve":{"id":"CVE-2026-21721","sourceIdentifier":"security@grafana.com","published":"2026-01-27T09:15:48.640","lastModified":"2026-04-20T17:28:19.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation."},{"lang":"es","value":"La API de permisos del panel no verifica el alcance del panel de destino y solo comprueba la acción dashboards.permissions:*. Como resultado, un usuario que tiene derechos de gestión de permisos en un panel puede leer y modificar permisos en otros paneles. Esto es una escalada de privilegios interna de la organización."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"11.6.9","matchCriteriaId":"6F6E2185-5D9B-4519-BFE1-363489FDE5C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.8","matchCriteriaId":"0800CF3F-6B22-4AC9-B7A5-88F00162D7CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.5","matchCriteriaId":"B74E6E97-D985-4F8E-BFE9-DD40D99995D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.3","matchCriteriaId":"FCC333B0-9BDE-4A2D-9648-C8017242DDC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.9:-:*:*:*:*:*:*","matchCriteriaId":"75C49C18-902A-447E-97F3-2679BD19B517"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.0.8:-:*:*:*:*:*:*","matchCriteriaId":"63A1D7CB-4839-4706-AB16-0D1609B62C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.1.5:-:*:*:*:*:*:*","matchCriteriaId":"FCEFE43C-35EA-4163-A184-6FE2FF14B2BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.3:-:*:*:*:*:*:*","matchCriteriaId":"D5613D06-3180-477D-9272-CAF86A6D764D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D0226F9E-7B57-4F41-BC7D-234F17628970"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.1:-:*:*:*:*:*:*","matchCriteriaId":"B7B29640-D0AE-4B99-95F8-B1D84E3A17AA"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21721","source":"security@grafana.com","tags":["Vendor Advisory"]}]}}]}