CVE-2026-0712

Severity CVSS v4.0:

Pending analysis

Type:

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Publication date:

15/01/2026

Last modified:

15/01/2026

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 7.60 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): Low
Availability (A): Low

Base Score 3.x

7.60

Severity 3.x

HIGH

CVE-2026-0712

Description

Impact

References to Advisories, Solutions, and Tools