CVE-2026-21721
CVE-2026-21721 — Grafana dashboard permissions scope bypass. The exposed issue arises because the dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. An authenticated user with permission-management rights on one dashboard can ...