CVE-2026-21721
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a
CVSS
8.1
Alto
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Publicado: 27 ene 2026 · Última mod.: 16 jul 2026 · CWE-863 · CWE-639
0.6%EPSS · 30 días0.6%
2026-06-302026-07-17
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.
- grafana.comhttps://grafana.com/security/security-advisories/cve-2026-21721
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2914
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2920
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3078
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3529
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:40138
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:5633
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:8229
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-21721
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2433242
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21721.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-552558.4 ALT42.8%
KEV—63Langflow Authorization Bypass Through User-Controlled Key Vulnerability9dCVE-2026-350298.8 ALT97.8%
——29LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0.3dCVE-2026-479967.6 ALT96.9%
——29Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.2dCVE-2021-464168.1 ALT89.9%
——27Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.4dCVE-2025-324622.8 BAJ86.9%
——26Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.3dCVE-2022-289867.5 ALT80.8%
——24LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.9d