CVE-2021-39226
Grafana Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
99.9%
p100
KEV
YES
Aug 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.9%EPSS · 30 days99.9%
2026-06-302026-07-16
Product
Grafana Labs / Grafana
Vulnerability
Grafana Authentication Bypass Vulnerability
Added to KEV
Aug 25, 2022
Remediate by
Sep 15, 2022
Known ransomware use
No
Summary description
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Required action
Apply updates per vendor instructions.
Notes
https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-43798—99.8%
KEV—80Grafana Path Traversal Vulnerability—