4 matches found
BIT-GRAFANA-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets Any Editor delete any dashboard snapshot, even without read/write permissions. Affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...