Data Exposure Vulnerability in Grafana by Grafana Labs
CVE-2026-27877

6.5MEDIUM

Key Information:

Vendor: Grafana
Status: Grafana
Vendor: CVE Published:; 27 March 2026

What is CVE-2026-27877?

This vulnerability in Grafana allows the exposure of passwords for direct data-sources within public dashboards, posing a security risk for deployments. While proxied data-source passwords remain secure, organizations are urged to convert direct data-sources to proxied formats to enhance their security posture and mitigate potential risks.

Affected Version(s)

Grafana OnPrem 9.3.0 < 11.6.14

Grafana OnPrem 12.0.0 < 12.1.10

Grafana OnPrem 12.2.0 < 12.2.8

References

https://grafana.com/security/security-advisories/cve-2026...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Feb 24, 2026

CVE-2026-27877 Data

JSON