UBUNTU-CVE-2026-21724
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 26 Mar 2026, 21:17
Last modified:16 Apr 2026, 10:52
Vulnerability Summary
Overall Risk (default)
low
17/100 CVSS Score
4.3 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Mar 2026, 21:17
Published
Vulnerability first disclosed
16 Apr 2026, 10:52
Last Modified
Vulnerability information updated
Description
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Systems
- ubuntu•grafana
all