CVE-2026-21726
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Description
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}
Thanks to Prasanth Sundararajan for reporting this vulnerability.
Thanks to Prasanth Sundararajan for reporting this vulnerability.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Grafana
Product
Loki
Discussion (0)
Add Comment
No comments yet. Be the first!