Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-27877
PUBLISHED
More InfoOfficial Page
Assigner-GRAFANA
Assigner Org ID-57da9224-a3e2-4646-9d0e-c4dc2e05e7da
View Known Exploited Vulnerability (KEV) details
Published At-27 Mar, 2026 | 14:02
Updated At-10 May, 2026 | 13:55
Rejected At-
▼CVE Numbering Authority (CNA)
Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Affected Products
Vendor
Grafana LabsGrafana
Product
Grafana
Platforms
  • OnPrem
  • Cloud
Default Status
unaffected
Versions
Affected
  • From 9.3.0 before 11.6.14 (semver)
  • From 12.0.0 before 12.1.10 (semver)
  • From 12.2.0 before 12.2.8 (semver)
  • From 12.3.0 before 12.3.6 (semver)
  • From 12.4.0 before 12.4.2 (semver)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://grafana.com/security/security-advisories/cve-2026-27877
vendor-advisory
Hyperlink: https://grafana.com/security/security-advisories/cve-2026-27877
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312 Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312 Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://grafana.com/security/security-advisories/cve-2026-27877
broken-link
Hyperlink: https://grafana.com/security/security-advisories/cve-2026-27877
Resource:
broken-link
Details not found