CVE-2026-7573 GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations
An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...
Sentry's improper authentication on SAML SSO process allows user identity linking
Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...
CVE-2026-22642
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...
CVE-2026-22642
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22642
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
EUVD-2026-2802
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...
PT-2026-3009
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...
Linux Distros Unpatched Vulnerability : CVE-2021-41244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and ther...
Linux Distros Unpatched Vulnerability : CVE-2025-6197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations...
SUSE CVE-2025-6197
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...
Open Redirect
Overview github.com/grafana/grafana/pkg/middleware is the open-source platform for monitoring and observability. Affected versions of this package are vulnerable to Open Redirect via the organization switching process. An attacker can redirect users to arbitrary external sites by crafting a...
CVE-2025-6197
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...
Grafana Open Redirect in Organization Switching
An open redirect vulnerability has been identified in Grafana organization switching functionality. Prerequisites for exploitation: Multiple organizations must exist in the Grafana instance Victim must be on a different organization than the one specified in the URL Fixed in versions...
CVE-2024-56136
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an emai...
PT-2025-3194 · Zulip · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0 through 9.3 Description: The issue concerns an information disclosure attack where an unauthenticated user can determine if an email address is in use by a user on a Zulip server hosting multiple organizations. There...
SUSE CVE-2021-41244
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a...
GHSA-FW9C-75HH-89P6 Grafana privilege escalation vulnerability
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and...
PT-2023-8896 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue impacts Grafana instances with multiple organizations, allowing a user with Organization Admin permissions in one organization to change permissions associated with Organization...