This Important security update for Grafana addresses CVE-2026-25679 (CVSS 7.5 HIGH), a vulnerability in the net/url library involving incorrect parsing of IPv6 host literals. The flaw affects Grafana packages for Red Hat Enterprise Linux 9.6 Extended Update Support and related variants. The advisory provides updated packages, specifically version grafana-10.2.6-19.el9_6, to remediate the issue.
Red Hat Product Errata RHSA-2026:8847 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8847 - Security Advisory Overview Updated Packages Synopsis Important: grafana security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe x86_64 grafana-10.2.6-19.el9_6.x86_64.rpm SHA-256: cfec7325a9c3dee368cde699546cc8734a17c40dfb0cb5fcfc17720a7b6ccd52 grafana-debuginfo-10.2.6-19.el9_6.x86_64.rpm SHA-256: 9169fb7451992b4ca3930824fe0055b364456999d33e40a78d000f4ac7cd14fd grafana-debugsource-10.2.6-19.el9_6.x86_64.rpm SHA-256: a4a05b5568cae7af5ce542d6009e3b63ac3502ea6c8ac8b42324413a63fcdd5c grafana-selinux-10.2.6-19.el9_6.x86_64.rpm SHA-256: 65e848edef772033eac6b9c09421d76d73ed25eafe257d398404f36f4ebcd1ae Red Hat Enterprise Linux Server - AUS 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe x86_64 grafana-10.2.6-19.el9_6.x86_64.rpm SHA-256: cfec7325a9c3dee368cde699546cc8734a17c40dfb0cb5fcfc17720a7b6ccd52 grafana-debuginfo-10.2.6-19.el9_6.x86_64.rpm SHA-256: 9169fb7451992b4ca3930824fe0055b364456999d33e40a78d000f4ac7cd14fd grafana-debugsource-10.2.6-19.el9_6.x86_64.rpm SHA-256: a4a05b5568cae7af5ce542d6009e3b63ac3502ea6c8ac8b42324413a63fcdd5c grafana-selinux-10.2.6-19.el9_6.x86_64.rpm SHA-256: 65e848edef772033eac6b9c09421d76d73ed25eafe257d398404f36f4ebcd1ae Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe s390x grafana-10.2.6-19.el9_6.s390x.rpm SHA-256: 509cee608b588c8cc5aff79542e5a2da37fe5e0a6276643b0dc7072da9c9ffb7 grafana-debuginfo-10.2.6-19.el9_6.s390x.rpm SHA-256: 6bbe7bca53beb534a578265630eb8e3afdfe566b118b3cb3b9f52152c4f8743b grafana-debugsource-10.2.6-19.el9_6.s390x.rpm SHA-256: 7a8f254b29dd3ff6eef9044c88eda51c3f31102aa96477b3fbd170d3aad59e02 grafana-selinux-10.2.6-19.el9_6.s390x.rpm SHA-256: 35c9b165aa6c1167754135ca027fae3c1dd43250c4397fbc51fc386d87e9b117 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe ppc64le grafana-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 304aaed6d0ac441fce770f0cd977d09ba0b867911b4acdfb975c31531d5ff1a7 grafana-debuginfo-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 7193a2e48e7b94d853bde7ce334cfc7646a5fae24b64b79edc6d895010cfdac1 grafana-debugsource-10.2.6-19.el9_6.ppc64le.rpm SHA-256: b134556724454ab80a1bcd1cb31f0f9e55026facdfdd118b1762d6d7fa1830bb grafana-selinux-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 9e0d76cb3ae3df6dd7b6fbdae92b8348b3f19829df2572f42d0b808a3e91996a Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe aarch64 grafana-10.2.6-19.el9_6.aarch64.rpm SHA-256: 44e93c500c95a2b721e2082a9f0d596ba2f4dd7b72fac3722adbe86bedf220fb grafana-debuginfo-10.2.6-19.el9_6.aarch64.rpm SHA-256: f1eb4a44afdc083877d6e168bf50c667bd50dd842f6235ad45e12912ddeb86e1 grafana-debugsource-10.2.6-19.el9_6.aarch64.rpm SHA-256: 6cad1c7f3c64b0a0d26623610afd33610a70f53b50914e7ed5b7586212d18ccf grafana-selinux-10.2.6-19.el9_6.aarch64.rpm SHA-256: 3b1d690a28c8794bd63cd4e86800f56fabaa1c468096c54236a24a4f36f122e8 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe ppc64le grafana-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 304aaed6d0ac441fce770f0cd977d09ba0b867911b4acdfb975c31531d5ff1a7 grafana-debuginfo-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 7193a2e48e7b94d853bde7ce334cfc7646a5fae24b64b79edc6d895010cfdac1 grafana-debugsource-10.2.6-19.el9_6.ppc64le.rpm SHA-256: b134556724454ab80a1bcd1cb31f0f9e55026facdfdd118b1762d6d7fa1830bb grafana-selinux-10.2.6-19.el9_6.ppc64le.rpm SHA-256: 9e0d76cb3ae3df6dd7b6fbdae92b8348b3f19829df2572f42d0b808a3e91996a Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe x86_64 grafana-10.2.6-19.el9_6.x86_64.rpm SHA-256: cfec7325a9c3dee368cde699546cc8734a17c40dfb0cb5fcfc17720a7b6ccd52 grafana-debuginfo-10.2.6-19.el9_6.x86_64.rpm SHA-256: 9169fb7451992b4ca3930824fe0055b364456999d33e40a78d000f4ac7cd14fd grafana-debugsource-10.2.6-19.el9_6.x86_64.rpm SHA-256: a4a05b5568cae7af5ce542d6009e3b63ac3502ea6c8ac8b42324413a63fcdd5c grafana-selinux-10.2.6-19.el9_6.x86_64.rpm SHA-256: 65e848edef772033eac6b9c09421d76d73ed25eafe257d398404f36f4ebcd1ae Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe aarch64 grafana-10.2.6-19.el9_6.aarch64.rpm SHA-256: 44e93c500c95a2b721e2082a9f0d596ba2f4dd7b72fac3722adbe86bedf220fb grafana-debuginfo-10.2.6-19.el9_6.aarch64.rpm SHA-256: f1eb4a44afdc083877d6e168bf50c667bd50dd842f6235ad45e12912ddeb86e1 grafana-debugsource-10.2.6-19.el9_6.aarch64.rpm SHA-256: 6cad1c7f3c64b0a0d26623610afd33610a70f53b50914e7ed5b7586212d18ccf grafana-selinux-10.2.6-19.el9_6.aarch64.rpm SHA-256: 3b1d690a28c8794bd63cd4e86800f56fabaa1c468096c54236a24a4f36f122e8 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe s390x grafana-10.2.6-19.el9_6.s390x.rpm SHA-256: 509cee608b588c8cc5aff79542e5a2da37fe5e0a6276643b0dc7072da9c9ffb7 grafana-debuginfo-10.2.6-19.el9_6.s390x.rpm SHA-256: 6bbe7bca53beb534a578265630eb8e3afdfe566b118b3cb3b9f52152c4f8743b grafana-debugsource-10.2.6-19.el9_6.s390x.rpm SHA-256: 7a8f254b29dd3ff6eef9044c88eda51c3f31102aa96477b3fbd170d3aad59e02 grafana-selinux-10.2.6-19.el9_6.s390x.rpm SHA-256: 35c9b165aa6c1167754135ca027fae3c1dd43250c4397fbc51fc386d87e9b117 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe x86_64 grafana-10.2.6-19.el9_6.x86_64.rpm SHA-256: cfec7325a9c3dee368cde699546cc8734a17c40dfb0cb5fcfc17720a7b6ccd52 grafana-debuginfo-10.2.6-19.el9_6.x86_64.rpm SHA-256: 9169fb7451992b4ca3930824fe0055b364456999d33e40a78d000f4ac7cd14fd grafana-debugsource-10.2.6-19.el9_6.x86_64.rpm SHA-256: a4a05b5568cae7af5ce542d6009e3b63ac3502ea6c8ac8b42324413a63fcdd5c grafana-selinux-10.2.6-19.el9_6.x86_64.rpm SHA-256: 65e848edef772033eac6b9c09421d76d73ed25eafe257d398404f36f4ebcd1ae Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe aarch64 grafana-10.2.6-19.el9_6.aarch64.rpm SHA-256: 44e93c500c95a2b721e2082a9f0d596ba2f4dd7b72fac3722adbe86bedf220fb grafana-debuginfo-10.2.6-19.el9_6.aarch64.rpm SHA-256: f1eb4a44afdc083877d6e168bf50c667bd50dd842f6235ad45e12912ddeb86e1 grafana-debugsource-10.2.6-19.el9_6.aarch64.rpm SHA-256: 6cad1c7f3c64b0a0d26623610afd33610a70f53b50914e7ed5b7586212d18ccf grafana-selinux-10.2.6-19.el9_6.aarch64.rpm SHA-256: 3b1d690a28c8794bd63cd4e86800f56fabaa1c468096c54236a24a4f36f122e8 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 SRPM grafana-10.2.6-19.el9_6.src.rpm SHA-256: 7409def9b0cd9e9548af8f96293d83989355f6d5c2a33ab2cd85db1b62d3a9fe ppc64le grafana-10.2.6-19.el9_6.ppc64le.rpm