Back to CVE List

CVE-2026-28378

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.1 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Grafana
Product
Grafana Enterprise, Grafana OSS

External References

Discussion (0)

Add Comment

No comments yet. Be the first!