[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-21725":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":38,"related":39,"reserved_at":9,"published_at":44,"modified_at":45,"state":46,"summary":47,"references_raw":55,"kevs":62,"epss":63,"epss_history":66,"metrics":336,"affected":347},"CVE-2026-21725","A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so.\n\nThis requires several very stringent conditions to be met:\n\n- The attacker must have admin access to the specific datasource prior to its first deletion.\n- Upon deletion, all steps within the attack must happen within the next 30 seconds and on the same pod of Grafana.\n- The attacker must delete the datasource, then someone must recreate it.\n- The new datasource must not have the attacker as an admin.\n- The new datasource must have the same UID as the prior datasource. These are randomised by default.\n- The datasource can now be re-deleted by the attacker.\n- Once 30 seconds are up, the attack is spent and cannot be repeated.\n- No datasource with any other UID can be attacked.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36],{"_key":33},"UBUNTU-CVE-2026-21725",{"_key":35},"SUSE-SU-2026:1524-1",{"_key":37},"OPENSUSE-SU-2026:10601-1",[],[40,41,42],{"_key":35},{"_key":37},{"_key":43},"CGA-WC22-F84P-J8F7","2026-02-25T12:35:43.104Z","2026-05-13T19:28:24.214Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":49,"epss_score":50,"severity":49,"severity_score":51,"severity_version":52,"severity_source":53,"severity_vector":54,"severity_status":46},false,"low",0.00014,2.6,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",[56],{"url":57,"sources":58,"tags":60},"https://grafana.com/security/security-advisories/cve-2026-21725",[53,59],"nvd",[61],"Vendor Advisory",[],{"date":64,"score":50,"percentile":65},"2026-06-05",0.02572,[67,71,75,78,81,84,87,90,93,96,99,102,105,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,165,168,171,174,177,180,183,186,189,192,195,198,200,203,206,209,212,215,218,221,224,227,230,234,237,240,243,246,249,252,256,259,262,265,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,311,313,315,318,321,324,327,330,333],{"date":68,"score":69,"percentile":70},"2026-02-26",0.00033,0.0928,{"date":72,"score":73,"percentile":74},"2026-02-27",0.00025,0.06626,{"date":76,"score":73,"percentile":77},"2026-02-28",0.06632,{"date":79,"score":73,"percentile":80},"2026-03-01",0.06685,{"date":82,"score":73,"percentile":83},"2026-03-02",0.06617,{"date":85,"score":73,"percentile":86},"2026-03-03",0.0677,{"date":88,"score":73,"percentile":89},"2026-03-04",0.06696,{"date":91,"score":73,"percentile":92},"2026-03-05",0.06719,{"date":94,"score":73,"percentile":95},"2026-03-06",0.06701,{"date":97,"score":73,"percentile":98},"2026-03-07",0.06705,{"date":100,"score":73,"percentile":101},"2026-03-08",0.06667,{"date":103,"score":73,"percentile":104},"2026-03-09",0.06631,{"date":106,"score":73,"percentile":77},"2026-03-10",{"date":108,"score":73,"percentile":109},"2026-03-11",0.06653,{"date":111,"score":73,"percentile":112},"2026-03-12",0.06684,{"date":114,"score":73,"percentile":115},"2026-03-13",0.06703,{"date":117,"score":73,"percentile":118},"2026-03-14",0.06655,{"date":120,"score":73,"percentile":121},"2026-03-15",0.06644,{"date":123,"score":73,"percentile":124},"2026-03-16",0.06623,{"date":126,"score":73,"percentile":127},"2026-03-17",0.06611,{"date":129,"score":73,"percentile":130},"2026-03-18",0.06595,{"date":132,"score":73,"percentile":133},"2026-03-19",0.06614,{"date":135,"score":73,"percentile":136},"2026-03-20",0.0663,{"date":138,"score":73,"percentile":139},"2026-03-21",0.06858,{"date":141,"score":73,"percentile":142},"2026-03-22",0.06851,{"date":144,"score":73,"percentile":145},"2026-03-23",0.06823,{"date":147,"score":73,"percentile":148},"2026-03-24",0.06814,{"date":150,"score":73,"percentile":151},"2026-03-25",0.06895,{"date":153,"score":73,"percentile":154},"2026-03-26",0.06967,{"date":156,"score":73,"percentile":157},"2026-03-27",0.06948,{"date":159,"score":73,"percentile":160},"2026-03-28",0.06955,{"date":162,"score":163,"percentile":164},"2026-03-29",0.00029,0.0837,{"date":166,"score":163,"percentile":167},"2026-03-30",0.08347,{"date":169,"score":163,"percentile":170},"2026-03-31",0.08312,{"date":172,"score":163,"percentile":173},"2026-04-01",0.08301,{"date":175,"score":163,"percentile":176},"2026-04-02",0.08355,{"date":178,"score":163,"percentile":179},"2026-04-03",0.08378,{"date":181,"score":163,"percentile":182},"2026-04-04",0.08408,{"date":184,"score":163,"percentile":185},"2026-04-05",0.08393,{"date":187,"score":163,"percentile":188},"2026-04-06",0.08318,{"date":190,"score":163,"percentile":191},"2026-04-07",0.08329,{"date":193,"score":163,"percentile":194},"2026-04-08",0.08392,{"date":196,"score":163,"percentile":197},"2026-04-09",0.08409,{"date":199,"score":163,"percentile":182},"2026-04-10",{"date":201,"score":163,"percentile":202},"2026-04-11",0.084,{"date":204,"score":163,"percentile":205},"2026-04-12",0.08381,{"date":207,"score":163,"percentile":208},"2026-04-13",0.08365,{"date":210,"score":163,"percentile":211},"2026-04-14",0.08235,{"date":213,"score":163,"percentile":214},"2026-04-15",0.08254,{"date":216,"score":163,"percentile":217},"2026-04-16",0.08257,{"date":219,"score":163,"percentile":220},"2026-04-17",0.08246,{"date":222,"score":163,"percentile":223},"2026-04-18",0.0824,{"date":225,"score":163,"percentile":226},"2026-04-19",0.08224,{"date":228,"score":163,"percentile":229},"2026-04-20",0.08212,{"date":231,"score":232,"percentile":233},"2026-04-21",0.00009,0.01008,{"date":235,"score":232,"percentile":236},"2026-04-22",0.0101,{"date":238,"score":232,"percentile":239},"2026-04-23",0.01014,{"date":241,"score":232,"percentile":242},"2026-04-24",0.01009,{"date":244,"score":232,"percentile":245},"2026-04-25",0.01006,{"date":247,"score":232,"percentile":248},"2026-04-26",0.01013,{"date":250,"score":232,"percentile":251},"2026-04-27",0.0102,{"date":253,"score":254,"percentile":255},"2026-04-28",0.00011,0.01372,{"date":257,"score":254,"percentile":258},"2026-04-29",0.01377,{"date":260,"score":254,"percentile":261},"2026-04-30",0.01374,{"date":263,"score":254,"percentile":264},"2026-05-01",0.01371,{"date":266,"score":254,"percentile":264},"2026-05-02",{"date":268,"score":254,"percentile":269},"2026-05-03",0.0137,{"date":271,"score":254,"percentile":272},"2026-05-04",0.01346,{"date":274,"score":254,"percentile":275},"2026-05-05",0.01345,{"date":277,"score":254,"percentile":278},"2026-05-06",0.01338,{"date":280,"score":254,"percentile":281},"2026-05-07",0.01339,{"date":283,"score":254,"percentile":284},"2026-05-08",0.01341,{"date":286,"score":254,"percentile":287},"2026-05-09",0.01336,{"date":289,"score":254,"percentile":290},"2026-05-10",0.01337,{"date":292,"score":254,"percentile":293},"2026-05-11",0.01332,{"date":295,"score":254,"percentile":296},"2026-05-12",0.01331,{"date":298,"score":50,"percentile":299},"2026-05-13",0.02546,{"date":301,"score":50,"percentile":302},"2026-05-14",0.02559,{"date":304,"score":50,"percentile":305},"2026-05-15",0.02567,{"date":307,"score":50,"percentile":308},"2026-05-16",0.0258,{"date":310,"score":50,"percentile":308},"2026-05-17",{"date":312,"score":50,"percentile":302},"2026-05-18",{"date":314,"score":50,"percentile":299},"2026-05-19",{"date":316,"score":50,"percentile":317},"2026-05-20",0.02545,{"date":319,"score":50,"percentile":320},"2026-05-21",0.02537,{"date":322,"score":50,"percentile":323},"2026-05-22",0.0269,{"date":325,"score":50,"percentile":326},"2026-05-23",0.02686,{"date":328,"score":50,"percentile":329},"2026-05-24",0.02655,{"date":331,"score":50,"percentile":332},"2026-05-25",0.02641,{"date":334,"score":50,"percentile":335},"2026-05-26",0.02604,[337,342],{"source":53,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":338,"cvss_v4_0":9},{"baseScore":51,"baseSeverity":339,"vectorString":54,"impactScore":340,"exploitabilityScore":341},"LOW",2.3,3.1,{"source":59,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":343,"cvss_v4_0":9},{"baseScore":344,"baseSeverity":339,"vectorString":345,"impactScore":340,"exploitabilityScore":346},2,"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",1.3,[348],{"ecosystem":9,"name":349,"vendor":349,"product":349,"cpe_part":350,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":351},"grafana","a",[352,360],{"version":353,"is_range":354,"range_type":355,"version_start":356,"version_start_type":357,"version_end":358,"version_end_type":359,"fixed_in":9},"gte11.0.0_lt12.4.1",true,"cpe","11.0.0","including","12.4.1","excluding",{"version":361,"is_range":354,"range_type":53,"version_start":362,"version_start_type":357,"version_end":363,"version_end_type":359,"fixed_in":9},">= v11.0.0, \u003C v12.4.1","v11.0.0","v12.4.1"]