CVE-2026-28378
LOW SEVERITYCVSS Score & Metrics
Base Score
3.1 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Description
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Grafana
Product
Grafana Enterprise, Grafana OSS
Discussion (0)
Add Comment
No comments yet. Be the first!