CVE-2026-21722
MEDIUMPublic Dashboards time range restriction on annotations can be bypassed
CVSS v3
5.3
MEDIUM
EPSS Score
0.0%
exploit probability
CISA KEV
No
known exploited
Exploitation
none
SSVC status
Description
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 2/12/2026
- Last Modified
- 2/27/2026
Frequently Asked Questions
What is CVE-2026-21722?
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.
Is CVE-2026-21722 actively exploited?
Active exploitation of CVE-2026-21722 has not been confirmed. The EPSS score is 0.0%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2026-21722?
CVE-2026-21722 has a CVSS v3 base score of 5.3 (MEDIUM severity), with vector string 3.1.
Is CVE-2026-21722 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.