Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T19:28:31 grafana: Grafana: Temporary access control bypass for service account token minting 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N CWE-272

A flaw was found in Grafana. When a user's access to mint tokens for a service account is revoked, the system may temporarily allow the user to continue minting tokens for a few seconds. This could lead to a temporary bypass of access control, potentially enabling unauthorized actions if the tokens are used before the revocation fully propagates.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Multicluster Global Hub Fix deferred multicluster-globalhub/multicluster-globalhub-grafana-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/acm-grafana-rhel9 Red Hat Ceph Storage 5 Fix deferred rhceph/rhceph-5-dashboard-rhel8 Red Hat Ceph Storage 6 Fix deferred rhceph/rhceph-6-dashboard-rhel9 Red Hat Ceph Storage 8 Fix deferred rhceph/grafana-rhel9 Red Hat Ceph Storage 9 Fix deferred rhceph/grafana-rhel10 Red Hat Enterprise Linux 10 Fix deferred grafana Red Hat Enterprise Linux 8 Fix deferred grafana Red Hat Enterprise Linux 9 Fix deferred grafana https://www.cve.org/CVERecord?id=CVE-2026-33381 https://nvd.nist.gov/vuln/detail/CVE-2026-33381 https://grafana.com/security/security-advisories/cve-2026-33381