CVE-2026-11769: Vulnerability in Grafana Operator (vendor: Grafana)
A critical path traversal and privilege escalation vulnerability exists in Grafana Operator versions up to 5.23. This vulnerability allows a malicious user who can create or modify Dashboard or LibraryPanel resources using jsonnet data templating to obtain the Kubernetes service account token of the Grafana Operator manager. A fixed version 5.24.0 has been released to address this issue. As a workaround, a ValidatingAdmissionPolicy can be applied to prevent creation or modification of jsonnet-based resources.
AI Analysis
Machine-generated threat intelligence
Technical Summary
The Grafana Operator supports loading dashboards and library panels via the jsonnet data templating language, which is evaluated in the context of the operator manager pod. This creates a path traversal and privilege escalation vulnerability whereby an attacker with permission to create or modify Dashboard or LibraryPanel resources can extract the Kubernetes service account token of the operator manager pod. This token could potentially be used to escalate privileges within the Kubernetes cluster. The vulnerability affects all Grafana Operator versions up to and including 5.23. Version 5.24.0 includes a critical security fix for this issue. A workaround involves deploying a ValidatingAdmissionPolicy to block jsonnet-based resource creation or modification.
Potential Impact
A malicious user with the ability to create or modify Grafana Dashboard or LibraryPanel resources can exploit this vulnerability to obtain the Kubernetes service account token of the Grafana Operator manager pod. This token could allow unauthorized access or privilege escalation within the Kubernetes environment, potentially compromising cluster security.
Mitigation Recommendations
Upgrade all Grafana Operator installations to version 5.24.0 or later, which contains the official security fix. As a temporary workaround, deploy the provided ValidatingAdmissionPolicy together with its ValidatingAdmissionPolicyBinding to deny creation or modification of jsonnet-based dashboards and library panels. This prevents exploitation by rejecting jsonnet-based Dashboard and LibraryPanel resources at admission time until the upgrade can be performed; non-jsonnet resources are unaffected.
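The advisory's own ValidatingAdmissionPolicy is not reproduced on this page, so the following is an added example of what such an interim policy looks like, written here rather than taken from the advisory or the Grafana Operator project. It assumes a Kubernetes cluster of 1.30 or later (where ValidatingAdmissionPolicy is GA under admissionregistration.k8s.io/v1), and it assumes the Grafana Operator API group `grafana.integreatly.org`, the resource names `grafanadashboards` and `grafanalibrarypanels`, and the jsonnet-carrying fields `spec.jsonnet`, `spec.gzipJsonnet` and `spec.jsonnetLib`; all of these are assumptions to confirm against the installed CRDs (for example with `kubectl explain grafanadashboards.spec`) before applying the policy.

```yaml
# Added example, not the advisory's provided policy.
# Assumed API group, resource names and spec field names (verify against the
# installed CRDs): grafana.integreatly.org / grafanadashboards,
# grafanalibrarypanels / spec.jsonnet, spec.gzipJsonnet, spec.jsonnetLib.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-grafana-operator-jsonnet
spec:
  # Reject the request if the expression cannot be evaluated, so a malformed
  # object cannot slip past the check.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["grafana.integreatly.org"]   # assumed
        apiVersions: ["*"]
        operations: ["CREATE", "UPDATE"]
        resources: ["grafanadashboards", "grafanalibrarypanels"]   # assumed
  validations:
    # Pass only when none of the jsonnet-bearing fields is present.
    - expression: >-
        !has(object.spec) ||
        (!has(object.spec.jsonnet) &&
         !has(object.spec.gzipJsonnet) &&
         !has(object.spec.jsonnetLib))
      message: >-
        jsonnet-based Grafana Operator dashboards and library panels are
        blocked until the operator is upgraded to 5.24.0 (CVE-2026-11769)
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-grafana-operator-jsonnet
spec:
  policyName: deny-grafana-operator-jsonnet
  # Deny rather than only audit/warn, since the goal is to stop the write.
  validationActions: ["Deny"]
  # No matchResources block: the binding applies cluster-wide.
```

The policy only governs new writes, so existing jsonnet-based objects should be inventoried separately, for example with `kubectl get grafanadashboards -A -o json | jq -r '.items[] | select(.spec.jsonnet != null or .spec.gzipJsonnet != null) | .metadata.namespace + "/" + .metadata.name'` (same field-name assumptions as above). Before switching `validationActions` to `Deny`, running the binding with `["Audit"]` or `["Warn"]` for a short period shows which legitimate resources would be rejected.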
CVSS v4.0
Score: 6.4 (Medium)
Affected software
pkg:github/grafana/grafana-operator
Technical Details
- Data Version: 5.2
- Assigner Short Name: GRAFANA
- Date Reserved: 2026-06-09T10:52:06.229Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a2ce98ae617e2d83459addd
Added to database: 6/13/2026, 5:24:26 AM
Last enriched: 6/13/2026, 5:39:19 AM
Last updated: 6/13/2026, 6:49:32 AM