VYPR
Medium severity5.4NVD Advisory· Published Mar 26, 2026· Updated Apr 14, 2026

CVE-2026-21724

CVE-2026-21724

Description

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/grafana/grafanaGo
< 1.9.2-0.20260323180334-daffe750de851.9.2-0.20260323180334-daffe750de85

Affected products

16

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.