This security update addresses CVE-2026-27877 (CVSS 6.5 Medium), an information disclosure vulnerability in Grafana where data-source passwords could be exposed via public dashboards. The vulnerability affects Grafana versions prior to 9.3.0, versions 11.6.14 through 11.9.x, 12.1.10 through 12.1.x, 12.2.8 through 12.2.x, and 12.3.6 through 12.3.x. The issue is resolved in versions 9.3.0, 12.0.0, 12.2.0, 12.3.0, and 12.4.0.
Red Hat Product Errata RHSA-2026:10226 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10226 - Security Advisory Overview Updated Packages Synopsis Important: grafana security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Fixes BZ - 2452293 - CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVEs CVE-2026-27877 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM grafana-10.2.6-20.el9_7.src.rpm SHA-256: 4790080382160baec0c0961ede3d271a9c5dd275cf58f2298d49f83986e87a0b x86_64 grafana-10.2.6-20.el9_7.x86_64.rpm SHA-256: 771540efbf2b45d746ea2ea8520ecc7c06478bf94c01cc5d973f98d1cc05d6cc grafana-debuginfo-10.2.6-20.el9_7.x86_64.rpm SHA-256: 17a7698fe2a709db673ae310ed336f8f1a17a6c0167d8008012ced63bc38580b grafana-debugsource-10.2.6-20.el9_7.x86_64.rpm SHA-256: 8c53eb1234f800f7533e7a78f2db5e2d897195b1b3c3ce09d145d3df03764e4e grafana-selinux-10.2.6-20.el9_7.x86_64.rpm SHA-256: f25f0c3abbb8f00b75e45dda50175f331afd670e5c40e44d6de8fa60bf4d6701 Red Hat Enterprise Linux for IBM z Systems 9 SRPM grafana-10.2.6-20.el9_7.src.rpm SHA-256: 4790080382160baec0c0961ede3d271a9c5dd275cf58f2298d49f83986e87a0b s390x grafana-10.2.6-20.el9_7.s390x.rpm SHA-256: 18afd0626e1b44a649c7d6e69007291cc81f7abd879b6a0baae3134c52117654 grafana-debuginfo-10.2.6-20.el9_7.s390x.rpm SHA-256: 35589b10fa53ebcc94b371034c71225033ba988ea9f0f0afed726e2b84f0d0b7 grafana-debugsource-10.2.6-20.el9_7.s390x.rpm SHA-256: 56d8ed8559ab315e969bead374527fef13673c2d614ae84529aae40492a8b9c1 grafana-selinux-10.2.6-20.el9_7.s390x.rpm SHA-256: 2b2211f132259f9ec77a3a4292575573b871fb2f7113bc19e2abfea224932b03 Red Hat Enterprise Linux for Power, little endian 9 SRPM grafana-10.2.6-20.el9_7.src.rpm SHA-256: 4790080382160baec0c0961ede3d271a9c5dd275cf58f2298d49f83986e87a0b ppc64le grafana-10.2.6-20.el9_7.ppc64le.rpm SHA-256: a89e67da39a64b017561cb7fc81c0f1eabc09a7a1e634cb5d1dbc26036ecdf9f grafana-debuginfo-10.2.6-20.el9_7.ppc64le.rpm SHA-256: c00ac1636df57b5dd8856a942ca36ee502ba4a4a90c70c11bb16842ee45bef51 grafana-debugsource-10.2.6-20.el9_7.ppc64le.rpm SHA-256: 647a34aa95deba4d98ae52b7b36ba2bc1e35ff57d392a0d7a4ea342772612857 grafana-selinux-10.2.6-20.el9_7.ppc64le.rpm SHA-256: ae7503084257471744267bf0e7707c637b279f8f9141b91b78dc8c133462ecda Red Hat Enterprise Linux for ARM 64 9 SRPM grafana-10.2.6-20.el9_7.src.rpm SHA-256: 4790080382160baec0c0961ede3d271a9c5dd275cf58f2298d49f83986e87a0b aarch64 grafana-10.2.6-20.el9_7.aarch64.rpm SHA-256: d18dfe0fd7dd38f42de6340262e96d9e93b2beeabb2e661efe4e5940e9cfa6e9 grafana-debuginfo-10.2.6-20.el9_7.aarch64.rpm SHA-256: bd0b9186886a39713dd9dbb70ec5dda30960e1e4234396c5dfffe9d1dd01e086 grafana-debugsource-10.2.6-20.el9_7.aarch64.rpm SHA-256: a2c5f880b796f7ea9f1d825caeedb5720655b20e8877a6f8c393aa019a9d04d2 grafana-selinux-10.2.6-20.el9_7.aarch64.rpm SHA-256: 7c52ddebdd085777d9608114971098bf49d2c5608e87b95bf6cc8fb53aab4803 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .