ГлавнаяУязвимости → CVE-2026-21721
8.1высокая

CVE-2026-21721

→ есть в БДУ: BDU:2026-01120 (на русском)
Описание (на английском; русское — в БДУ выше)

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

Затрагиваемое ПО
Grafana Grafana
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Источники
https://grafana.com/security/security-advisories/cve-2026-21721https://access.redhat.com/errata/RHSA-2026:2914https://access.redhat.com/errata/RHSA-2026:2920https://access.redhat.com/errata/RHSA-2026:3078https://access.redhat.com/errata/RHSA-2026:3529https://access.redhat.com/errata/RHSA-2026:5633https://access.redhat.com/errata/RHSA-2026:8229https://access.redhat.com/security/cve/CVE-2026-21721