Grafana Dashboard Permissions API Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Grafana Dashboard Permissions API. The issue arises because the API does not properly verify the scope of the target dashboard, only checking for the 'dashboards.permissions:*' action. This flaw allows a user with permission management rights on one dashboard to read and modify permissions on other dashboards within the same organization.
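The difference between an action-only check and a scope-aware check, as an added example that is not Grafana's code and not part of the original advisory. The `Grant` type, the function names, the `dashboards.permissions:write` action and the `dashboards:uid:...` scope strings are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Grant pairs an action with the scope it applies to. Illustrative type,
// not Grafana's own; scope strings like "dashboards:uid:team-a" are constructed.
type Grant struct{ Action, Scope string }

// matches reports whether a granted pattern (exact or trailing "*") covers want.
func matches(granted, want string) bool {
	if strings.HasSuffix(granted, "*") {
		return strings.HasPrefix(want, strings.TrimSuffix(granted, "*"))
	}
	return granted == want
}

// allowedActionOnly models the flaw: the target dashboard is never consulted.
func allowedActionOnly(grants []Grant, action, _ string) bool {
	for _, g := range grants {
		if matches(g.Action, action) {
			return true
		}
	}
	return false
}

// allowedScoped requires the same grant to cover both action and target scope.
func allowedScoped(grants []Grant, action, target string) bool {
	for _, g := range grants {
		if matches(g.Action, action) && matches(g.Scope, target) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: permission management on one dashboard only.
	user := []Grant{{"dashboards.permissions:*", "dashboards:uid:team-a"}}
	const act = "dashboards.permissions:write"
	for _, target := range []string{"dashboards:uid:team-a", "dashboards:uid:finance"} {
		fmt.Printf("%-24s action-only=%-5v scoped=%v\n", target,
			allowedActionOnly(user, act, target), allowedScoped(user, act, target))
	}
}
```

A regression test for a fix of this class should assert that a request against a dashboard outside the caller's granted scope is denied, not only that in-scope requests succeed.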

Impact

Exploitation of this vulnerability could lead to unauthorized modification of dashboard permissions, allowing users to gain elevated privileges on dashboards they should not have access to.

Added: Jan 27, 2026, 9:41 AM
Updated: Jan 27, 2026, 3:48 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 3.1
exploitability: 4.8
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.