Grafana Token Minting Access Revocation Delay Vulnerability

Vulnerability

A vulnerability exists in Grafana that allows users to continue minting tokens for a service account for a few seconds after their access has been revoked. This issue arises because the revocation process does not take immediate effect, creating a brief window of opportunity for unauthorized token minting.

Impact

Exploitation of this vulnerability could lead to unauthorized token minting, allowing users to gain access or privileges they should no longer have.

Added: May 13, 2026, 8:27 PM

Updated: May 13, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

5.0

exploitability

4.8

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

5.0

exploitability

4.8

remediation

0.0

relevance

8.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Grafana Token Minting Access Revocation Delay Vulnerability

Vulnerability

Impact

Affected Products

Grafana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating