Leonideath

1 exploit Active since Jan 2026
CVE-2026-21721 NOMISEC HIGH WORKING POC
Grafana Dashboard Permissions API - Privilege Escalation
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.
2 stars
CVSS 8.1