134 matches found
Grafana Post-Auth DuckDB - SQL Injection To File Read
The SQL Expressions experimental feature of Grafana allows for the evaluation of DuckDB queries containing user input. These queries are insufficiently sanitized before being passed to DuckDB, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
grafana-11.6.14+security04-2.1 on GA media (moderate)
grafana-11.6.14+security04-2.1 on GA media Announcement ID: openSUSE-SU-2026:10981-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...
RHSA-2026:11712 Red Hat Security Advisory: grafana security update
Bulletin has no description...
OPENSUSE-SU-2026:10677-1 grafana-11.6.14+security01-2.1 on GA media
These are all security issues fixed in the grafana-11.6.14+security01-2.1 package on the GA media of openSUSE Tumbleweed...
grafana-pcp security update
5.3.0-4 - Resolves RHEL-166433: CVE-2026-32282 - Resolves RHEL-167474: CVE-2026-32283...
RHSA-2026:10223 Red Hat Security Advisory: grafana security update
Bulletin has no description...
RHSA-2026:10226 Red Hat Security Advisory: grafana security update
Bulletin has no description...
OPENSUSE-SU-2026:10601-1 grafana-11.6.14+security01-1.1 on GA media
These are all security issues fixed in the grafana-11.6.14+security01-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2026:1524-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 +...
grafana security update
An update is available for grafana. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature rich metrics dashboard and graph editor fo...
RHSA-2026:3854 Red Hat Security Advisory: grafana security update
Bulletin has no description...
ALSA-2026:7011 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
RHSA-2026:3880 Red Hat Security Advisory: grafana security update
Bulletin has no description...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHSA-2026:3836 Red Hat Security Advisory: grafana security update
Bulletin has no description...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through a time-of-check-to-time-of-use condition in the datasource deletion...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHSA-2026:2914 Red Hat Security Advisory: grafana security update
Bulletin has no description...
ALSA-2026:2914 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729); grafana/grafana/pkg/services/dashboards: Grafana...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729). For more details about the security issues, including t...