CVE-2026-21722 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-21722 PUBLISHED

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.

EPSS 0.01% · 2.1th percentile

Risk Scores

EPSS Score

0.01%

2.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	12.3.0, 9.3.0, 12.0.0
Bitnami	grafana	9.3.0, 12.0.0, 12.2.0

Timeline

Feb 12, 2026 EPSS Score
Feb 12, 2026 CVE Published
Feb 13, 2026 EPSS Score
Feb 13, 2026 PoC Published
Feb 15, 2026 EPSS Score
Feb 15, 2026 PoC Published
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 23, 2026 EPSS Score

References

Open in Interactive Console →