Medium severity6.5NVD Advisory· Published Mar 27, 2026· Updated May 10, 2026
CVE-2026-27877
CVE-2026-27877
Description
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.
No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/grafana/grafanaGo | >= 9.3.0 | — |
github.com/grafana/grafanaGo | >= 12.0.0 | — |
github.com/grafana/grafanaGo | >= 12.2.0 | — |
github.com/grafana/grafanaGo | >= 12.3.0 | — |
github.com/grafana/grafanaGo | >= 12.4.0 | — |
github.com/grafana/grafanaGo | >= 1.9.2-0.20221116104934-4ee83a5f2bf4, < 1.9.2-0.20260325055210-3522153e07b4 | 1.9.2-0.20260325055210-3522153e07b4 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-3q27-7qjq-p9c5ghsaADVISORY
- grafana.com/security/security-advisories/cve-2026-27877nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-27877ghsaADVISORY
News mentions
0No linked articles in our index yet.