#VU122756 Improper access control in Grafana - CVE-2026-21722

 


Published: February 12, 2026


Vulnerability identifier: #VU122756
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-21722
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Grafana
Software vendor: Grafana Labs

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the application does not limit the annotation time range to the locked time range of a public dashboard with annotations enabled. A remote attacker can read the entire history of annotations visible on the specific dashboard, even those outside the locked time range.


Remediation

Install updates from the vendor's website.
