Privilege Escalation in Grafana Dashboard by Unauthorized Users
CVE-2026-33377

7.1HIGH

Key Information:

Vendor: Grafana
Status: Grafana Oss
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-33377?

A security flaw in Grafana allows users with write access to a dashboard to escalate their privileges, enabling them to overwrite a dashboard that is not owned by them. This unauthorized access can lead to serious security risks as it allows users to manipulate critical dashboard settings, potentially affecting the data integrity and security of the entire system. It is essential for users to ensure that proper access controls are in place to mitigate this vulnerability.

Affected Version(s)

Grafana OSS OnPrem 8.5.0 <= 11.6.14

Grafana OSS OnPrem 11.6.14 < 11.6.14+security-04

Grafana OSS OnPrem 12.0.0 <= 12.2.8

References

https://grafana.com/security/security-advisories/cve-2026...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-33377 Data

JSON