Grafana Dashboard Overwrite Privilege Escalation via Editor Access
CVE-2026-33377 Published on May 13, 2026
Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-33377 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-33377
Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.
Affected Versions
Grafana OSS:- Version 8.5.0, <= 11.6.14 is affected.
- Version 11.6.14 and below 11.6.14+security-04 is affected.
- Version 12.0.0, <= 12.2.8 is affected.
- Version 12.2.8 and below 12.2.8+security-04 is affected.
- Version 12.3.0, <= 12.3.6 is affected.
- Version 12.3.6 and below 12.3.6+security-04 is affected.
- Version 12.4.0, <= 12.4.3 is affected.
- Version 12.4.3 and below 12.4.3+security-02 is affected.
- Version 13.0.0, <= 13.0.1 is affected.
- Version 13.0.1 and below 13.0.1+security-01 is affected.