PatchSiren cyber security CVE debrief
CVE-2026-11769 Grafana CVE debrief
A critical security vulnerability has been discovered in the Grafana Operator, affecting all versions up to and including 5.23. This vulnerability, tracked as CVE-2026-11769, allows a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.
- Vendor: Grafana
- Product: Grafana Operator
- CVSS: MEDIUM 6.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-13
- Original CVE updated: 2026-06-13
- Advisory published: 2026-06-13
- Advisory updated: 2026-06-13
Who should care
Users of Grafana Operator versions <= 5.23
Technical summary
The Grafana Operator supports loading dashboards and library panels using the jsonnet data templating language. The jsonnet expression is evaluated inside the operator manager pod, so it runs with that pod's access. A malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance can exploit this to obtain the Kubernetes service account token of the Grafana Operator manager.
Defensive priority
high
Recommended defensive actions
- Upgrade to Grafana Operator version 5.24.0 or later
- As a workaround, apply a ValidatingAdmissionPolicy to prevent the creation or modification of jsonnet-based resources
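The admission-policy workaround in the second action, written out as an added example (this is not configuration from the advisory or from the Grafana Operator project). It assumes the CRD group `grafana.integreatly.org`, version `v1beta1`, the resource names `grafanadashboards` and `grafanalibrarypanels`, and that the jsonnet source sits under `spec.jsonnet` or `spec.jsonnetLib`; check each of these against the CRDs installed in your cluster before applying it.

```yaml
# Added example: reject creation or modification of jsonnet-based Grafana
# Operator resources at admission time (CVE-2026-11769 workaround).
# Assumptions to verify against your cluster's CRDs: API group
# grafana.integreatly.org, version v1beta1, resources grafanadashboards and
# grafanalibrarypanels, and jsonnet source under spec.jsonnet / spec.jsonnetLib.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-grafana-jsonnet
spec:
  # If the policy cannot be evaluated, reject the request rather than let it through.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["grafana.integreatly.org"]
        apiVersions: ["v1beta1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["grafanadashboards", "grafanalibrarypanels"]
  validations:
    # Allow the object only when neither jsonnet field is present in spec.
    # The has(object.spec) guard keeps the CEL expression from erroring on an
    # object with no spec at all.
    - expression: "!has(object.spec) || (!has(object.spec.jsonnet) && !has(object.spec.jsonnetLib))"
      message: "jsonnet-based Grafana dashboards and library panels are blocked (CVE-2026-11769 workaround)"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-grafana-jsonnet
spec:
  policyName: deny-grafana-jsonnet
  # Deny enforces the policy; Audit or Warn would only log or warn.
  validationActions: ["Deny"]
```

The policy only stops new and modified jsonnet resources; any that already exist stay in the cluster until they are removed, and upgrading to 5.24.0 or later remains the actual fix.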
Evidence notes
The vulnerability was responsibly disclosed by Artem Cherezov.
Official resources
- CVE-2026-11769 CVE record (CVE.org)
- CVE-2026-11769 NVD detail (NVD)
- Source reference: CVE-2026-11769 was published on 2026-06-13T06:16:14.380Z and has a CVSS score of 6.4, with a medium severity rating.