Token Minting Vulnerability in Grafana Software
CVE-2026-33381

5.9MEDIUM

Key Information:

Vendor: Grafana
Status: Grafana Oss
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-33381?

This vulnerability arises when a user's permission to mint tokens for a service account is revoked, yet they may still manage to do so for a brief period afterward. Although access is ultimately terminated, this window of opportunity could be exploited, posing security risks for affected systems. Organizations utilizing Grafana versions mentioned should evaluate their configurations and implement necessary mitigations to secure their environments against unauthorized token minting activities.

Affected Version(s)

Grafana OSS OnPrem 9.2.0 <= 11.6.14

Grafana OSS OnPrem 11.6.14 < 11.6.14+security-04

Grafana OSS OnPrem 12.0.0 <= 12.2.8

References

https://grafana.com/security/security-advisories/cve-2026...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-33381 Data

JSON