CVE-2026-27877

high
Published 2026-04-24 · Modified 2026-05-26
CVSS v3
7.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2
VIR risk
7.5

Description

Important: grafana security update

Predictions

Exploit likelihood
83%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2026-19352.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2456338

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2456336

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2026-10226.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2452293

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-27877.html

vendor Authored 2026-05-27

Vendor advisory: security@grafana.com — https://grafana.com/security/security-advisories/cve-2026-27877

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:19352

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:10226

OS impact

| OS | Version | Status | Fixed in |
| --- | --- | --- | --- |
| redhat rhel | 9 | fixed | |
| suse sles | | affected | |

Package impact

| Ecosystem | Package | Vulnerable | Fixed |
| --- | --- | --- | --- |
| golang Go | github.com/grafana/grafana | >=9.3.0 | |
| golang Go | github.com/grafana/grafana | >=12.0.0 | |
| golang Go | github.com/grafana/grafana | >=12.2.0 | |
| golang Go | github.com/grafana/grafana | >=12.4.0 | |
| golang Go | github.com/grafana/grafana | >=1.9.2-0.20221116104934-4ee83a5f2bf4,<1.9.2-0.20260325055210-3522153e07b4 | 1.9.2-0.20260325055210-3522153e07b4 |
| golang Go | github.com/grafana/grafana | >=12.3.0 | |
| golang GO | github.com/grafana/grafana | >= 1.9.2-0.20221116104934-4ee83a5f2bf4, < 1.9.2-0.20260325055210-3522153e07b4 | 1.9.2-0.20260325055210-3522153e07b4 |
| golang GO | github.com/grafana/grafana | >= 12.4.0, < 12.4.2 | |
| golang GO | github.com/grafana/grafana | >= 12.3.0, < 12.3.6 | |
| golang GO | github.com/grafana/grafana | >= 12.2.0, < 12.2.8 | |
| golang GO | github.com/grafana/grafana | >= 12.0.0, < 12.1.10 | |
| golang GO | github.com/grafana/grafana | >= 9.3.0, < 11.6.14 | |

Application impact

| Vendor | Product | Versions | Fixed |
| --- | --- | --- | --- |
| grafana | grafana | {"endExcluding":"9.3.0"} | 9.3.0 |

References

CWEs

CWE-312
