- 16/2026
- High
Grafana has released security updates to fix several vulnerabilities in Grafana Enterprise.
The addressed vulnerabilities could allow the remote attacker to gain elevated privileges or perform denial-of-service attacks on the affected systems.
The addressed vulnerabilities:
1. Grafana Cross-Dashboard Privilege Escalation via Permission Management Vulnerability (CVE-2026-21721):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
2. Grafana Avatar Cache Unauthenticated DoS Vulnerability (CVE-2026-21720):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial-of-Service
Vulnerabilities
- CVE-2026-21720
- CVE-2026-21721
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.