Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Grafana-PCP Plugin: Denial of Service and Data Exposure
ALSA-2026:3040
Summary
The Grafana plugin for Performance Co-Pilot has security updates to prevent a denial of service and potential data exposure. This update is important to apply to maintain the security and integrity of your Grafana plugin. Update to the latest version to ensure you have the latest security patches.
What to do
- Update almalinux grafana-pcp to version 5.1.1-12.el9_7.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| almalinux | grafana-pcp | <= 5.1.1-12.el9_7 | 5.1.1-12.el9_7 |
Original title
Important: grafana-pcp security update
Original description
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- https://access.redhat.com/errata/RHSA-2026:3040 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 Third Party Advisory
- https://bugzilla.redhat.com/2418462 Third Party Advisory
- https://bugzilla.redhat.com/2434432 Third Party Advisory
- https://bugzilla.redhat.com/2437111 Third Party Advisory
- https://errata.almalinux.org/9/ALSA-2026-3040.html Vendor Advisory
Published: 23 Feb 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026