Issued:: 2026-05-19
Updated:: 2026-05-19

RHSA-2026:19134 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877)
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes

BZ - 2452293 - CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwords via public dashboards
BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
x86_64
grafana-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 1e33041abf47bce3c3a05dcb589afeb4c58897ea3e7f955300380e28d4709016
grafana-debuginfo-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 873741cf1d0ea0aa30febdd3b22bc70f6727b3992f20facb062e1fe963b9e8cf
grafana-debugsource-10.2.6-26.el10_2.x86_64.rpm	SHA-256: aed6bbf06b8f29f52e31d28eda0577959c4741e6c8d6ae97830c4bf4560014a7
grafana-selinux-10.2.6-26.el10_2.x86_64.rpm	SHA-256: ce35cc8bc2d4987632588332f441c8281f66ccc3a6942438a43adceb0cc8434d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
x86_64
grafana-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 1e33041abf47bce3c3a05dcb589afeb4c58897ea3e7f955300380e28d4709016
grafana-debuginfo-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 873741cf1d0ea0aa30febdd3b22bc70f6727b3992f20facb062e1fe963b9e8cf
grafana-debugsource-10.2.6-26.el10_2.x86_64.rpm	SHA-256: aed6bbf06b8f29f52e31d28eda0577959c4741e6c8d6ae97830c4bf4560014a7
grafana-selinux-10.2.6-26.el10_2.x86_64.rpm	SHA-256: ce35cc8bc2d4987632588332f441c8281f66ccc3a6942438a43adceb0cc8434d

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
s390x
grafana-10.2.6-26.el10_2.s390x.rpm	SHA-256: 6934e0de7d6d32570a458ca7b13ff9d262deff17ead1f7cb43da737a8b8449da
grafana-debuginfo-10.2.6-26.el10_2.s390x.rpm	SHA-256: da158958fd7a3e7b7ff7577abed4011bc5ee17e58c77e640b18123362e24c31d
grafana-debugsource-10.2.6-26.el10_2.s390x.rpm	SHA-256: f6f361dabe43e2d505e1eae2c34d28e0735129c5f18892056cfde70aa30d993a
grafana-selinux-10.2.6-26.el10_2.s390x.rpm	SHA-256: bef6d45121bac4b46c160db6e0fd6a38a479552c2c34af7eda76a07e78bb2f5d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
s390x
grafana-10.2.6-26.el10_2.s390x.rpm	SHA-256: 6934e0de7d6d32570a458ca7b13ff9d262deff17ead1f7cb43da737a8b8449da
grafana-debuginfo-10.2.6-26.el10_2.s390x.rpm	SHA-256: da158958fd7a3e7b7ff7577abed4011bc5ee17e58c77e640b18123362e24c31d
grafana-debugsource-10.2.6-26.el10_2.s390x.rpm	SHA-256: f6f361dabe43e2d505e1eae2c34d28e0735129c5f18892056cfde70aa30d993a
grafana-selinux-10.2.6-26.el10_2.s390x.rpm	SHA-256: bef6d45121bac4b46c160db6e0fd6a38a479552c2c34af7eda76a07e78bb2f5d

Red Hat Enterprise Linux for Power, little endian 10

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
ppc64le
grafana-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 2fde27799ae743cde0641ca2628e3625803cb05294cdbba60f5d047db5084204
grafana-debuginfo-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 875683ff6d03dc5654cadd4ab38ac01489dcb30c1a296b85b9a09443b4fc0182
grafana-debugsource-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 4ec4c7c05e055201fe3cface14bc8eed64194164e634d72d6bae446e31ca7a9b
grafana-selinux-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 72f2e7a2eb4b5d0bb7c263f71da8b8fae7a1b24b3e50a5e8e471d1036568f365

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
ppc64le
grafana-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 2fde27799ae743cde0641ca2628e3625803cb05294cdbba60f5d047db5084204
grafana-debuginfo-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 875683ff6d03dc5654cadd4ab38ac01489dcb30c1a296b85b9a09443b4fc0182
grafana-debugsource-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 4ec4c7c05e055201fe3cface14bc8eed64194164e634d72d6bae446e31ca7a9b
grafana-selinux-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 72f2e7a2eb4b5d0bb7c263f71da8b8fae7a1b24b3e50a5e8e471d1036568f365

Red Hat Enterprise Linux for ARM 64 10

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
aarch64
grafana-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 8f3e25a74fd4c1cb70ef47ccbe3849a48f7f2fca5afd1a0594e52648c8ce9034
grafana-debuginfo-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 636192673c183cc7bac0146a90f3965b7c372c2043a9283ef2456c0ef23b5973
grafana-debugsource-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 94084e79c0ea7c91ab9d1e4b2ab618ded6b729c163d28401c0682bcb076df402
grafana-selinux-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 479ce3bc383b516c4a329effd558124249a42197b943e877f7048b9e9ed409fd

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
aarch64
grafana-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 8f3e25a74fd4c1cb70ef47ccbe3849a48f7f2fca5afd1a0594e52648c8ce9034
grafana-debuginfo-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 636192673c183cc7bac0146a90f3965b7c372c2043a9283ef2456c0ef23b5973
grafana-debugsource-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 94084e79c0ea7c91ab9d1e4b2ab618ded6b729c163d28401c0682bcb076df402
grafana-selinux-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 479ce3bc383b516c4a329effd558124249a42197b943e877f7048b9e9ed409fd

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
aarch64
grafana-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 8f3e25a74fd4c1cb70ef47ccbe3849a48f7f2fca5afd1a0594e52648c8ce9034
grafana-debuginfo-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 636192673c183cc7bac0146a90f3965b7c372c2043a9283ef2456c0ef23b5973
grafana-debugsource-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 94084e79c0ea7c91ab9d1e4b2ab618ded6b729c163d28401c0682bcb076df402
grafana-selinux-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 479ce3bc383b516c4a329effd558124249a42197b943e877f7048b9e9ed409fd

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
s390x
grafana-10.2.6-26.el10_2.s390x.rpm	SHA-256: 6934e0de7d6d32570a458ca7b13ff9d262deff17ead1f7cb43da737a8b8449da
grafana-debuginfo-10.2.6-26.el10_2.s390x.rpm	SHA-256: da158958fd7a3e7b7ff7577abed4011bc5ee17e58c77e640b18123362e24c31d
grafana-debugsource-10.2.6-26.el10_2.s390x.rpm	SHA-256: f6f361dabe43e2d505e1eae2c34d28e0735129c5f18892056cfde70aa30d993a
grafana-selinux-10.2.6-26.el10_2.s390x.rpm	SHA-256: bef6d45121bac4b46c160db6e0fd6a38a479552c2c34af7eda76a07e78bb2f5d

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
ppc64le
grafana-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 2fde27799ae743cde0641ca2628e3625803cb05294cdbba60f5d047db5084204
grafana-debuginfo-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 875683ff6d03dc5654cadd4ab38ac01489dcb30c1a296b85b9a09443b4fc0182
grafana-debugsource-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 4ec4c7c05e055201fe3cface14bc8eed64194164e634d72d6bae446e31ca7a9b
grafana-selinux-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 72f2e7a2eb4b5d0bb7c263f71da8b8fae7a1b24b3e50a5e8e471d1036568f365

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
x86_64
grafana-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 1e33041abf47bce3c3a05dcb589afeb4c58897ea3e7f955300380e28d4709016
grafana-debuginfo-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 873741cf1d0ea0aa30febdd3b22bc70f6727b3992f20facb062e1fe963b9e8cf
grafana-debugsource-10.2.6-26.el10_2.x86_64.rpm	SHA-256: aed6bbf06b8f29f52e31d28eda0577959c4741e6c8d6ae97830c4bf4560014a7
grafana-selinux-10.2.6-26.el10_2.x86_64.rpm	SHA-256: ce35cc8bc2d4987632588332f441c8281f66ccc3a6942438a43adceb0cc8434d

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
x86_64
grafana-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 1e33041abf47bce3c3a05dcb589afeb4c58897ea3e7f955300380e28d4709016
grafana-debuginfo-10.2.6-26.el10_2.x86_64.rpm	SHA-256: 873741cf1d0ea0aa30febdd3b22bc70f6727b3992f20facb062e1fe963b9e8cf
grafana-debugsource-10.2.6-26.el10_2.x86_64.rpm	SHA-256: aed6bbf06b8f29f52e31d28eda0577959c4741e6c8d6ae97830c4bf4560014a7
grafana-selinux-10.2.6-26.el10_2.x86_64.rpm	SHA-256: ce35cc8bc2d4987632588332f441c8281f66ccc3a6942438a43adceb0cc8434d

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
aarch64
grafana-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 8f3e25a74fd4c1cb70ef47ccbe3849a48f7f2fca5afd1a0594e52648c8ce9034
grafana-debuginfo-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 636192673c183cc7bac0146a90f3965b7c372c2043a9283ef2456c0ef23b5973
grafana-debugsource-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 94084e79c0ea7c91ab9d1e4b2ab618ded6b729c163d28401c0682bcb076df402
grafana-selinux-10.2.6-26.el10_2.aarch64.rpm	SHA-256: 479ce3bc383b516c4a329effd558124249a42197b943e877f7048b9e9ed409fd

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
ppc64le
grafana-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 2fde27799ae743cde0641ca2628e3625803cb05294cdbba60f5d047db5084204
grafana-debuginfo-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 875683ff6d03dc5654cadd4ab38ac01489dcb30c1a296b85b9a09443b4fc0182
grafana-debugsource-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 4ec4c7c05e055201fe3cface14bc8eed64194164e634d72d6bae446e31ca7a9b
grafana-selinux-10.2.6-26.el10_2.ppc64le.rpm	SHA-256: 72f2e7a2eb4b5d0bb7c263f71da8b8fae7a1b24b3e50a5e8e471d1036568f365

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
grafana-10.2.6-26.el10_2.src.rpm	SHA-256: 1ed7c03935c9131b5180e13dff79caed23761bc76a40e05044709cc71c401e5f
s390x
grafana-10.2.6-26.el10_2.s390x.rpm	SHA-256: 6934e0de7d6d32570a458ca7b13ff9d262deff17ead1f7cb43da737a8b8449da
grafana-debuginfo-10.2.6-26.el10_2.s390x.rpm	SHA-256: da158958fd7a3e7b7ff7577abed4011bc5ee17e58c77e640b18123362e24c31d
grafana-debugsource-10.2.6-26.el10_2.s390x.rpm	SHA-256: f6f361dabe43e2d505e1eae2c34d28e0735129c5f18892056cfde70aa30d993a
grafana-selinux-10.2.6-26.el10_2.s390x.rpm	SHA-256: bef6d45121bac4b46c160db6e0fd6a38a479552c2c34af7eda76a07e78bb2f5d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation