CVE-2026-0712
PUBLISHED
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.
Risk Scores
- EPSS Score: 0.05% (14.1th percentile)
Exploit Intelligence
- CIRCL seen: CVE-2026-0712 (circl-sighting)
- socData.js (github-poc)
Timeline
- Jan 15, 2026 PoC Published
- Jan 16, 2026 EPSS Score
- Jan 17, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 22, 2026 CVE Rejected
- Jan 22, 2026 CVE Updated
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-0712 advisory
- https://sick.com/psirt url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.first.org/cvss/calculator/3.1 url
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json url
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf url
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf url