Description

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

INFO

Published Date :

2026-01-27T09:07:55.160Z

Last Modified :

2026-04-24T08:00:51.154Z

Source :

GRAFANA
AFFECTED PRODUCTS

The following products are affected by CVE-2026-21721 vulnerability.

Vendors Products
Grafana
  • Grafana
  • Grafana Enterprise
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21721.

URL Resource
https://grafana.com/security/security-advisories/CVE-2026-21721 cve-icon
https://grafana.com/security/security-advisories/cve-2026-21721 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-21721 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-21721 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact