Medium severity 6.5 · NVD Advisory · Published Mar 27, 2026 · Updated May 10, 2026
CVE-2026-27877
Description
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.
No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/grafana/grafana (Go) | >= 9.3.0 | — |
| github.com/grafana/grafana (Go) | >= 12.0.0 | — |
| github.com/grafana/grafana (Go) | >= 12.2.0 | — |
| github.com/grafana/grafana (Go) | >= 12.3.0 | — |
| github.com/grafana/grafana (Go) | >= 12.4.0 | — |
| github.com/grafana/grafana (Go) | >= 1.9.2-0.20221116104934-4ee83a5f2bf4, < 1.9.2-0.20260325055210-3522153e07b4 | 1.9.2-0.20260325055210-3522153e07b4 |
Affected products
osv-coords, 26 versions (no CPE for any entry):

| Package URL | Range |
|---|---|
| pkg:apk/chainguard/grafana-11.6 | < 0 |
| pkg:apk/chainguard/grafana-12.1 | < 0 |
| pkg:apk/chainguard/grafana-12.2 | < 0 |
| pkg:apk/chainguard/grafana-12.3 | < 0 |
| pkg:apk/chainguard/grafana-fips-11.6 | < 11.6.14-r2 |
| pkg:apk/chainguard/grafana-fips-12.1 | < 12.1.10.01-r0 |
| pkg:apk/chainguard/grafana-fips-12.2 | < 12.2.8.01-r0 |
| pkg:apk/chainguard/grafana-fips-12.3 | < 12.3.6.01-r0 |
| pkg:apk/wolfi/grafana-11.6 | < 0 |
| pkg:apk/wolfi/grafana-12.1 | < 0 |
| pkg:apk/wolfi/grafana-12.2 | < 0 |
| pkg:apk/wolfi/grafana-12.3 | < 0 |
| pkg:bitnami/grafana | >= 9.3.0, < 11.6.14 |
| pkg:golang/github.com/grafana/grafana | >= 9.3.0 |
| pkg:rpm/almalinux/grafana | < 10.2.6-24.el10_1 |
| pkg:rpm/almalinux/grafana-selinux | < 10.2.6-24.el10_1 |
| pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2016.0 | < 11.6.14+security04-bp160.1.1 |
| pkg:rpm/opensuse/grafana&distro=openSUSE%20Tumbleweed | < 11.6.14+security01-1.1 |
| pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 1.0.10-150002.3.6.1 |
| pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 3.5.0-150002.3.8.1 |
| pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 11.6.14+security01-150002.4.14.1 |
| pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 0.26.0-150002.3.6.1 |
| pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-Micro-5 | < 0.26.0-150002.3.6.1 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 5.1.13-150002.3.9.3 |
| pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15 | < 5.1.26-150002.3.12.1 |
| pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-Micro-5 | < 5.1.26-150002.3.12.1 |
References
- github.com/advisories/GHSA-3q27-7qjq-p9c5 (ghsa, ADVISORY)
- grafana.com/security/security-advisories/cve-2026-27877 (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-27877 (ghsa, ADVISORY)