This Important security update for Grafana addresses CVE-2026-25679 (CVSS 7.5 High), a vulnerability in the net/url package where incorrect parsing of IPv6 host literals could be exploited. The advisory applies to Grafana packages for Red Hat Enterprise Linux 8.2 Advanced Update Support, specifically version 6.3.6-11.el8_2, which contains the fix. Administrators should apply the provided RPM updates to their affected systems.
Red Hat Product Errata RHSA-2026:8853 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8853 - Security Advisory Overview Updated Packages Synopsis Important: grafana security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 8.2 x86_64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 8.2 SRPM grafana-6.3.6-11.el8_2.src.rpm SHA-256: 89d6a076211adae58edb5cf8992587d8c625dfc93d9092ebbeeb56966b54d2aa x86_64 grafana-6.3.6-11.el8_2.x86_64.rpm SHA-256: 93cdb9e3c62ddb30d5d2f5080407f04602890467cad0de997109e1a34e8f0529 grafana-azure-monitor-6.3.6-11.el8_2.x86_64.rpm SHA-256: b4ae9e6474a9c1745ebd63358c313cad71310c81c3ff56bda9db8038e84bf1b0 grafana-cloudwatch-6.3.6-11.el8_2.x86_64.rpm SHA-256: e913c0cba7fa397d13af9fa950cbc70999233c963d5c92089116ec502f03592d grafana-debuginfo-6.3.6-11.el8_2.x86_64.rpm SHA-256: 685729884c7574334e3fa25248e691d1a7942dd7cb3216429cb65192b7d285b2 grafana-elasticsearch-6.3.6-11.el8_2.x86_64.rpm SHA-256: f322993abf209bf2649b960c2d0816d1720e0a0851545a64287859d98ad5607c grafana-graphite-6.3.6-11.el8_2.x86_64.rpm SHA-256: 9736bb0478ef36fb46870034c31116bc864085cbac328490d87d5d431365057f grafana-influxdb-6.3.6-11.el8_2.x86_64.rpm SHA-256: faef1e00063e38f132c523d52c6898f5947f0fbe11e47fb8f3e9ea64f3d9ddc6 grafana-loki-6.3.6-11.el8_2.x86_64.rpm SHA-256: 097a1bd08805324f886c02c20349d459c618f601553a83ba8bca8c23354e3211 grafana-mssql-6.3.6-11.el8_2.x86_64.rpm SHA-256: 18a8e0ce9502e602b25e5ace38745c1ffba651f3a7688765c74faafad6a1fd64 grafana-mysql-6.3.6-11.el8_2.x86_64.rpm SHA-256: 1856fe6cc48afac533db3de7ed4fa4e117ba91953c743a4db5e37b4ba880ec4c grafana-opentsdb-6.3.6-11.el8_2.x86_64.rpm SHA-256: 2ecf24dc95da44f5800ce67e3be1a70cddc7b6d88e4b7f459814b2fb409f08b7 grafana-postgres-6.3.6-11.el8_2.x86_64.rpm SHA-256: f9c3517cfa7e9797cbcb9c4430a8d974a5f484dc3ec8e2066fda37e0cee5620b grafana-prometheus-6.3.6-11.el8_2.x86_64.rpm SHA-256: 208a8f4e3191c1c2effa16d6274cb99169508b95c435778b68ff0db89b5c6551 grafana-stackdriver-6.3.6-11.el8_2.x86_64.rpm SHA-256: de1af4386b94155b7a26cf615b11443acf37193feaa341cc28b20e8da5259a1e The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .