CVE-2026-21724

Medium CVSS: 5.4

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.

Vendor

Product

CWE

CWE-285

Yayın Tarihi

2026-03-26 21:17:03

Güncelleme

2026-03-30 13:26:50

Source Identifier

security@grafana.com

KEV Date Added

Kategoriler

CWE-285 MEDIUM 2026

Referanslar

https://grafana.com/security/security-advisories/cve-2026-21724