Security Advisory

CVE-2026-21721

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2026-01-27 09:07:55
Last updated: 2026-06-30 12:06:49
Assigner: GRAFANA
State: PUBLISHED

Description

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.
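
The class of flaw described above, as an added example that is not Grafana's code: an authorization check that tests only the action, next to one that also requires the grant's scope to cover the target dashboard. The `Permission` type, the function names, the `dashboards:uid:<uid>` scope format, the prefix-wildcard rule and the sample UIDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Permission pairs an action with the scope it was granted on.
// Illustrative model only; names are assumptions, not Grafana's types.
type Permission struct {
	Action string
	Scope  string // e.g. "dashboards:uid:team-a"
}

const actionWrite = "dashboards.permissions:write"

// actionOnly mirrors the flaw described in the advisory: it asks whether
// the user holds the action anywhere and ignores which dashboard is targeted.
func actionOnly(perms []Permission, action, _ string) bool {
	for _, p := range perms {
		if p.Action == action {
			return true
		}
	}
	return false
}

// actionAndScope requires the grant's scope to cover the target dashboard.
func actionAndScope(perms []Permission, action, targetUID string) bool {
	target := "dashboards:uid:" + targetUID
	for _, p := range perms {
		if p.Action != action {
			continue
		}
		// A trailing "*" is treated as a prefix wildcard; otherwise exact match.
		if p.Scope == target ||
			(strings.HasSuffix(p.Scope, "*") && strings.HasPrefix(target, strings.TrimSuffix(p.Scope, "*"))) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed grant: the user manages permissions on one dashboard only.
	user := []Permission{{actionWrite, "dashboards:uid:team-a"}}
	for _, uid := range []string{"team-a", "finance"} {
		fmt.Printf("%-8s action-only=%v scoped=%v\n", uid,
			actionOnly(user, actionWrite, uid), actionAndScope(user, actionWrite, uid))
	}
}
```

A regression test for a fix of this kind should include the negative case: a grant on one dashboard must be denied on every other dashboard in the same organization.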