RHSA-2026:11417 - Security Advisory
Issued: 2026-04-28
Updated: 2026-04-28

Synopsis
Important: grafana security update

Type/Severity
Security Advisory: Important

Topic
An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):
grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
BZ - 2452293 - CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwords via public dashboards

CVEs
CVE-2026-27877

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
x86_64: grafana-10.2.6-23.el10_0.x86_64.rpm, grafana-debuginfo-10.2.6-23.el10_0.x86_64.rpm, grafana-debugsource-10.2.6-23.el10_0.x86_64.rpm, grafana-selinux-10.2.6-23.el10_0.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
s390x: grafana-10.2.6-23.el10_0.s390x.rpm, grafana-debuginfo-10.2.6-23.el10_0.s390x.rpm, grafana-debugsource-10.2.6-23.el10_0.s390x.rpm, grafana-selinux-10.2.6-23.el10_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
ppc64le: grafana-10.2.6-23.el10_0.ppc64le.rpm, grafana-debuginfo-10.2.6-23.el10_0.ppc64le.rpm, grafana-debugsource-10.2.6-23.el10_0.ppc64le.rpm, grafana-selinux-10.2.6-23.el10_0.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
aarch64: grafana-10.2.6-23.el10_0.aarch64.rpm, grafana-debuginfo-10.2.6-23.el10_0.aarch64.rpm, grafana-debugsource-10.2.6-23.el10_0.aarch64.rpm, grafana-selinux-10.2.6-23.el10_0.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
aarch64: grafana-10.2.6-23.el10_0.aarch64.rpm, grafana-debuginfo-10.2.6-23.el10_0.aarch64.rpm, grafana-debugsource-10.2.6-23.el10_0.aarch64.rpm, grafana-selinux-10.2.6-23.el10_0.aarch64.rpm

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
s390x: grafana-10.2.6-23.el10_0.s390x.rpm, grafana-debuginfo-10.2.6-23.el10_0.s390x.rpm, grafana-debugsource-10.2.6-23.el10_0.s390x.rpm, grafana-selinux-10.2.6-23.el10_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
ppc64le: grafana-10.2.6-23.el10_0.ppc64le.rpm, grafana-debuginfo-10.2.6-23.el10_0.ppc64le.rpm, grafana-debugsource-10.2.6-23.el10_0.ppc64le.rpm, grafana-selinux-10.2.6-23.el10_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0
SRPM: grafana-10.2.6-23.el10_0.src.rpm
x86_64: grafana-10.2.6-23.el10_0.x86_64.rpm, grafana-debuginfo-10.2.6-23.el10_0.x86_64.rpm, grafana-debugsource-10.2.6-23.el10_0.x86_64.rpm, grafana-selinux-10.2.6-23.el10_0.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

This vulnerability (CVE-2026-27877, CVSS 6.5) allows information disclosure of data-source passwords via public dashboards in Grafana. Affected versions are Grafana < 9.3.0, 11.6.14 through 11.9.x, 12.1.10 through 12.1.x, 12.2.8 through 12.2.x, and 12.3.6 through 12.3.x. The issue is fixed in versions 9.3.0, 12.0.0, 12.2.0, 12.3.0, and 12.4.0.