CVE-2026-21722

MEDIUM

Public Dashboards time range restriction on annotations can be bypassed

CVSS v3

5.3

MEDIUM

EPSS Score

0.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

none

SSVC status

Description

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.

Technical Details

CVSS v3 Vector
3.1
Published
2/12/2026
Last Modified
2/27/2026

Frequently Asked Questions

What is CVE-2026-21722?

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard.

Is CVE-2026-21722 actively exploited?

Active exploitation of CVE-2026-21722 has not been confirmed. The EPSS score is 0.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2026-21722?

CVE-2026-21722 has a CVSS v3 base score of 5.3 (MEDIUM severity), with vector string 3.1.

Is CVE-2026-21722 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.