A vulnerability (CVE-2026-25679, CVSS 7.5 HIGH) in Grafana involves incorrect parsing of IPv6 host literals within the `net/url` library, which could potentially be exploited to bypass security controls or facilitate other attacks. The Red Hat security advisory RHSA-2026:8879 rates this update as Important and provides patched packages for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions on multiple architectures. Administrators should apply the update via the provided RPM packages to remediate the issue.
Red Hat Product Errata RHSA-2026:8879 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8879 - Security Advisory Overview Updated Packages Synopsis Important: grafana security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d x86_64 grafana-9.0.9-11.el9_2.x86_64.rpm SHA-256: e5ac694759c901ce64259fbc0995d2fa98ac23024e05994d1b944d75e73e0274 grafana-debuginfo-9.0.9-11.el9_2.x86_64.rpm SHA-256: 5490b1e1b9f543a0491569d0d73ff01179a35ef46709834df1b51dd900b96741 grafana-debugsource-9.0.9-11.el9_2.x86_64.rpm SHA-256: 6e305128bc0738158d413a92a47fc240cbc0248ef60cd8368f44a778665fa825 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d ppc64le grafana-9.0.9-11.el9_2.ppc64le.rpm SHA-256: a97274f301f16e3a520e2fb961b3c87411a82b8d4dd880aeac05a7f726728e23 grafana-debuginfo-9.0.9-11.el9_2.ppc64le.rpm SHA-256: c7a665596b33d34213dfeac67ce947272c93745f6f7586395853b86eb9b88f09 grafana-debugsource-9.0.9-11.el9_2.ppc64le.rpm SHA-256: 4ecf46be4e2cebd49c4c850b698f1717383208d1ff3ef2c7020575f57263809b Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d x86_64 grafana-9.0.9-11.el9_2.x86_64.rpm SHA-256: e5ac694759c901ce64259fbc0995d2fa98ac23024e05994d1b944d75e73e0274 grafana-debuginfo-9.0.9-11.el9_2.x86_64.rpm SHA-256: 5490b1e1b9f543a0491569d0d73ff01179a35ef46709834df1b51dd900b96741 grafana-debugsource-9.0.9-11.el9_2.x86_64.rpm SHA-256: 6e305128bc0738158d413a92a47fc240cbc0248ef60cd8368f44a778665fa825 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d aarch64 grafana-9.0.9-11.el9_2.aarch64.rpm SHA-256: 87185e71989c2d521c2d33b6f959645ee0d5936c068dda44751a011da21f4560 grafana-debuginfo-9.0.9-11.el9_2.aarch64.rpm SHA-256: 3ee118d2ce81013640620ade4f26335bb981be93cd4e70010412265116f54d7a grafana-debugsource-9.0.9-11.el9_2.aarch64.rpm SHA-256: e36a7b85292c1b595adac4936652eb40c6305ae22cf24959716d7bf099a7b5f1 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d s390x grafana-9.0.9-11.el9_2.s390x.rpm SHA-256: 3d6592b82ba77379b600d4e203f2d3826df64cac5e498ed3b9670ec0271d976b grafana-debuginfo-9.0.9-11.el9_2.s390x.rpm SHA-256: 3b7c6427f691adb184dd22a50adfa58c4ff6b31ecd7dca7fb13b46f571aa78be grafana-debugsource-9.0.9-11.el9_2.s390x.rpm SHA-256: a3ae06371bc19302460e6397e852d1f6d9cc7afc8755ae1c83c6c41a3724dfd6 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d x86_64 grafana-9.0.9-11.el9_2.x86_64.rpm SHA-256: e5ac694759c901ce64259fbc0995d2fa98ac23024e05994d1b944d75e73e0274 grafana-debuginfo-9.0.9-11.el9_2.x86_64.rpm SHA-256: 5490b1e1b9f543a0491569d0d73ff01179a35ef46709834df1b51dd900b96741 grafana-debugsource-9.0.9-11.el9_2.x86_64.rpm SHA-256: 6e305128bc0738158d413a92a47fc240cbc0248ef60cd8368f44a778665fa825 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d aarch64 grafana-9.0.9-11.el9_2.aarch64.rpm SHA-256: 87185e71989c2d521c2d33b6f959645ee0d5936c068dda44751a011da21f4560 grafana-debuginfo-9.0.9-11.el9_2.aarch64.rpm SHA-256: 3ee118d2ce81013640620ade4f26335bb981be93cd4e70010412265116f54d7a grafana-debugsource-9.0.9-11.el9_2.aarch64.rpm SHA-256: e36a7b85292c1b595adac4936652eb40c6305ae22cf24959716d7bf099a7b5f1 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d ppc64le grafana-9.0.9-11.el9_2.ppc64le.rpm SHA-256: a97274f301f16e3a520e2fb961b3c87411a82b8d4dd880aeac05a7f726728e23 grafana-debuginfo-9.0.9-11.el9_2.ppc64le.rpm SHA-256: c7a665596b33d34213dfeac67ce947272c93745f6f7586395853b86eb9b88f09 grafana-debugsource-9.0.9-11.el9_2.ppc64le.rpm SHA-256: 4ecf46be4e2cebd49c4c850b698f1717383208d1ff3ef2c7020575f57263809b Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM grafana-9.0.9-11.el9_2.src.rpm SHA-256: 55b5464050d242eb3d0d9ce5d752668a00c49a3b86e0724a005aed5a89f16a6d s390x grafana-9.0.9-11.el9_2.s390x.rpm SHA-256: 3d6592b82ba77379b600d4e203f2d3826df64cac5e498ed3b9670ec0271d976b grafana-debuginfo-9.0.9-11.el9_2.s390x.rpm SHA-256: 3b7c6427f691adb184dd22a50adfa58c4ff6b31ecd7dca7fb13b46f571aa78be grafana-debugsource-9.0.9-11.el9_2.s390x.rpm SHA-256: a3ae06371bc19302460e6397e852d1f6d9cc7afc8755ae1c83c6c41a3724dfd6 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .