Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2026-21722 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-21722

CVE-2026-21722

MEDIUM5.3

Public Dashboards time range restriction on annotations can be bypassed

Published Feb 12, 2026

Modified 2 days ago

Details

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.

This did not leak any annotations that would not otherwise be visible on the public dashboard.

References

https://grafana.com/security/security-advisories/cve-2026-21722

https://www.cve.org/CVERecord?id=CVE-2026-21722

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ecosystems

Timeline

PublishedFeb 12, 2026

ModifiedApr 24, 2026