Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2p67-fzwx-qyfg
Summary grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
Aliases
0
alias CVE-2026-21721
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/grafana@10.2.6-17?arch=el9_6
purl pkg:rpm/redhat/grafana@10.2.6-17?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p67-fzwx-qyfg
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@10.2.6-17%3Farch=el9_6
1
url pkg:rpm/redhat/grafana@10.2.6-18?arch=el9_7
purl pkg:rpm/redhat/grafana@10.2.6-18?arch=el9_7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p67-fzwx-qyfg
1
vulnerability VCID-5q9b-a7c4-1yht
2
vulnerability VCID-dp1t-v58b-43du
3
vulnerability VCID-dtt9-gmqf-nbaf
4
vulnerability VCID-hay4-q9m3-ekdj
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@10.2.6-18%3Farch=el9_7
2
url pkg:rpm/redhat/grafana@10.2.6-20?arch=el10_0
purl pkg:rpm/redhat/grafana@10.2.6-20?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p67-fzwx-qyfg
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@10.2.6-20%3Farch=el10_0
3
url pkg:rpm/redhat/grafana@10.2.6-22?arch=el10_1
purl pkg:rpm/redhat/grafana@10.2.6-22?arch=el10_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2p67-fzwx-qyfg
1
vulnerability VCID-5q9b-a7c4-1yht
2
vulnerability VCID-dp1t-v58b-43du
3
vulnerability VCID-dtt9-gmqf-nbaf
4
vulnerability VCID-hay4-q9m3-ekdj
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@10.2.6-22%3Farch=el10_1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21721.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21721.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21721
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01312
published_at 2026-04-04T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01305
published_at 2026-04-02T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.0198
published_at 2026-04-08T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.01964
published_at 2026-04-12T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.01959
published_at 2026-04-13T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.0194
published_at 2026-04-16T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.01942
published_at 2026-04-18T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.01978
published_at 2026-04-07T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.01995
published_at 2026-04-09T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.01979
published_at 2026-04-11T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03159
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21721
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433242
reference_id 2433242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2433242
4
reference_url https://grafana.com/security/security-advisories/cve-2026-21721
reference_id cve-2026-21721
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T04:55:19Z/
url https://grafana.com/security/security-advisories/cve-2026-21721
5
reference_url https://access.redhat.com/errata/RHSA-2026:2914
reference_id RHSA-2026:2914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2914
6
reference_url https://access.redhat.com/errata/RHSA-2026:2920
reference_id RHSA-2026:2920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2920
7
reference_url https://access.redhat.com/errata/RHSA-2026:3078
reference_id RHSA-2026:3078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3078
8
reference_url https://access.redhat.com/errata/RHSA-2026:3529
reference_id RHSA-2026:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3529
9
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
Weaknesses
0
cwe_id 639
name Authorization Bypass Through User-Controlled Key
description The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Exploits
Severity_range_score 8.1 - 8.1
Exploitability 0.5
Weighted_severity 7.3
Risk_score 3.6
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2p67-fzwx-qyfg