CVE-2026-28378
07.07.2026, 22:16
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| grafana | grafana | 11.6.0 ≤ 𝑥 ≤ 11.6.13 | CNA |
| grafana | grafana | 12.1.0 ≤ 𝑥 ≤ 12.1.9 | CNA |
| grafana | grafana | 12.2.0 ≤ 𝑥 ≤ 12.2.7 | CNA |
| grafana | grafana | 12.3.0 ≤ 𝑥 ≤ 12.3.5 | CNA |
| grafana | grafana | 12.4.0 ≤ 𝑥 ≤ 12.4.1 | CNA |