Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T19:28:40 grafana: Grafana: Unauthorized annotation deletion by editor users 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CWE-1220

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.

A flaw was found in Grafana. An authenticated editor user could exploit this vulnerability to delete any annotation, even those for which they lack read permissions. This unauthorized action compromises the integrity of data by allowing deletion of information beyond their intended access scope.

Multicluster Global Hub Fix deferred multicluster-globalhub/multicluster-globalhub-grafana-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/acm-grafana-rhel9 Red Hat Ceph Storage 5 Not affected rhceph/rhceph-5-dashboard-rhel8 Red Hat Ceph Storage 6 Not affected rhceph/rhceph-6-dashboard-rhel9 Red Hat Ceph Storage 8 Fix deferred rhceph/grafana-rhel9 Red Hat Ceph Storage 9 Fix deferred rhceph/grafana-rhel10 Red Hat Enterprise Linux 10 Fix deferred grafana Red Hat Enterprise Linux 8 Fix deferred grafana Red Hat Enterprise Linux 9 Fix deferred grafana https://www.cve.org/CVERecord?id=CVE-2026-28374 https://nvd.nist.gov/vuln/detail/CVE-2026-28374 https://grafana.com/security/security-advisories/cve-2026-28374