Skip to main content
All vulnerabilities
CVE-2021-39226

Grafana Authentication Bypass Vulnerability

Grafana LabsGrafana

Added to KEV catalog
25 August 2022
Federal remediation due date
15 September 2022
Weakness classification (CWE)
CWE-287

CISA Description

Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.

Required action

Apply updates per vendor instructions.

Notes

https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services