Release date:
2026-06-12 08:37:45 UTC
Description:
- CVE-2026-33376: fix auth proxy IPv6 allow-list entries without an explicit
mask being coerced to /32 instead of /128, which widened the allowed source
address range
- CVE-2026-33377: fix privilege escalation where an Editor overwriting an
existing dashboard via the import API had default permissions re-applied,
granting them Admin on that dashboard; default permissions are now only set
for newly created dashboards
Updated packages:
-
grafana-10.2.6-15.el9_6.tuxcare.els10.x86_64.rpm
sha:f13f070f5e76b32e23203e30964889b291be26e48b083ced007e6869363e0b44
-
grafana-selinux-10.2.6-15.el9_6.tuxcare.els10.x86_64.rpm
sha:8e05c08015bbb5cd623b211f4bc85bf47e26f3ceb0a47092d10b98e8c0413954
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
