CVE-2026-11769 – Operator – Namespaced User Path Traversal

CVE ID: CVE-2026-11769

Published: June 13, 2026, 4:17 a.m.

Description: We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.

### Summary

The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod.

### Impact

It is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.
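
Since the precondition is the ability to create Dashboard or LibraryPanel resources, a useful first check is to list which subjects hold that permission. The following is an added example, not code from the advisory or the Grafana Operator project; the API group and resource names (`grafana.integreatly.org`, `grafanadashboards`, `grafanalibrarypanels`) are assumptions to confirm on your cluster, and the RBAC objects in `SAMPLE` are constructed.

```python
# Assumed CRD names; confirm with `kubectl api-resources --api-group=grafana.integreatly.org`.
GROUP = "grafana.integreatly.org"
RESOURCES = {"grafanadashboards", "grafanalibrarypanels", "*"}
WRITE_VERBS = {"create", "update", "patch", "*"}

def grants_write(role):
    """True if any rule lets the holder create or modify the target kinds."""
    for rule in role.get("rules") or []:
        if ({GROUP, "*"} & set(rule.get("apiGroups") or [])
                and RESOURCES & set(rule.get("resources") or [])
                and WRITE_VERBS & set(rule.get("verbs") or [])):
            return True
    return False

def writers(items):
    """Sorted (scope, subject kind, subject name) bound to a write-capable role."""
    risky = set()
    for o in items:
        if o["kind"] in ("Role", "ClusterRole") and grants_write(o):
            ns = o["metadata"].get("namespace", "") if o["kind"] == "Role" else ""
            risky.add((o["kind"], ns, o["metadata"]["name"]))
    found = set()
    for o in items:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref, bind_ns = o["roleRef"], o["metadata"].get("namespace", "")
        # A RoleBinding may reference a ClusterRole; the grant is then namespace-scoped.
        ref_ns = bind_ns if ref["kind"] == "Role" else ""
        if (ref["kind"], ref_ns, ref["name"]) in risky:
            for s in o.get("subjects") or []:
                found.add((bind_ns or "<cluster-wide>", s["kind"], s["name"]))
    return sorted(found)

def _rule(verbs, resources=("grafanadashboards",), groups=(GROUP,)):
    return {"apiGroups": list(groups), "resources": list(resources), "verbs": list(verbs)}

# Constructed sample RBAC objects (not taken from any real cluster).
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "dash-editor"}, "rules": [_rule(["get", "create"])]},
    {"kind": "ClusterRole", "metadata": {"name": "all"}, "rules": [_rule(["*"], ["*"], ["*"])]},
    {"kind": "Role", "metadata": {"name": "dash-viewer", "namespace": "team-a"}, "rules": [_rule(["get", "list"])]},
    {"kind": "RoleBinding", "metadata": {"name": "b1", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "dash-editor"}, "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "b2", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "dash-viewer"}, "subjects": [{"kind": "User", "name": "bob"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "b3"},
     "roleRef": {"kind": "ClusterRole", "name": "all"}, "subjects": [{"kind": "Group", "name": "platform"}]},
]
if __name__ == "__main__":
    print(*writers(SAMPLE), sep="\n")
```

On a live cluster, pass `writers()` the `items` array from `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`.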

### Affected versions

All Grafana Operator versions
Severity: 6.4 | MEDIUM
