Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Grafana: Unauthenticated Remote Code Execution Risk
RHSA-2026:3841
Summary
Grafana, a popular data visualization tool, has a security issue that could allow hackers to execute malicious code on your server without needing a password. This means that an attacker could take control of your server and steal sensitive data or use it to spread malware. Update Grafana immediately to fix this issue and protect your server.
What to do
- Update redhat grafana to version 0:6.3.6-10.el8_2.
- Update redhat grafana-azure-monitor to version 0:6.3.6-10.el8_2.
- Update redhat grafana-cloudwatch to version 0:6.3.6-10.el8_2.
- Update redhat grafana-debuginfo to version 0:6.3.6-10.el8_2.
- Update redhat grafana-elasticsearch to version 0:6.3.6-10.el8_2.
- Update redhat grafana-graphite to version 0:6.3.6-10.el8_2.
- Update redhat grafana-influxdb to version 0:6.3.6-10.el8_2.
- Update redhat grafana-loki to version 0:6.3.6-10.el8_2.
- Update redhat grafana-mssql to version 0:6.3.6-10.el8_2.
- Update redhat grafana-mysql to version 0:6.3.6-10.el8_2.
- Update redhat grafana-opentsdb to version 0:6.3.6-10.el8_2.
- Update redhat grafana-postgres to version 0:6.3.6-10.el8_2.
- Update redhat grafana-prometheus to version 0:6.3.6-10.el8_2.
- Update redhat grafana-stackdriver to version 0:6.3.6-10.el8_2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | grafana | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-azure-monitor | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-cloudwatch | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-debuginfo | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-elasticsearch | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-graphite | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-influxdb | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-loki | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-mssql | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-mysql | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-opentsdb | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-postgres | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-prometheus | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
| redhat | grafana-stackdriver | <= 0:6.3.6-10.el8_2 | 0:6.3.6-10.el8_2 |
Original title
Red Hat Security Advisory: grafana security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3841 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3841.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
- https://go.dev/cl/736712 Third Party Advisory
- https://go.dev/issue/77101 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
- https://go.dev/cl/725920 Third Party Advisory
- https://go.dev/issue/76445 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
Published: 5 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026