Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Grafana and PCP exposed to potential data access and unauthorized changes
RHSA-2026:3821
Summary
Grafana and Performance Co-Pilot (PCP) are affected by a security issue that could allow attackers to access sensitive data and make unauthorized changes. This issue requires Grafana and PCP to be updated to the latest versions to ensure security and prevent potential harm. Affected users should update their systems as soon as possible.
What to do
- Update redhat grafana-pcp to version 0:3.2.0-5.el8_8.
- Update redhat grafana-pcp-debuginfo to version 0:3.2.0-5.el8_8.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | grafana-pcp | <= 0:3.2.0-5.el8_8 | 0:3.2.0-5.el8_8 |
| redhat | grafana-pcp-debuginfo | <= 0:3.2.0-5.el8_8 | 0:3.2.0-5.el8_8 |
| redhat | grafana-pcp | <= 0:3.2.0-5.el8_8 | 0:3.2.0-5.el8_8 |
| redhat | grafana-pcp-debuginfo | <= 0:3.2.0-5.el8_8 | 0:3.2.0-5.el8_8 |
Original title
Red Hat Security Advisory: grafana-pcp security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3821 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3821.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
- https://go.dev/cl/736712 Third Party Advisory
- https://go.dev/issue/77101 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
- https://go.dev/cl/725920 Third Party Advisory
- https://go.dev/issue/76445 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
Published: 5 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026