Red Hat Security Advisory: grafana-pcp security update
This advisory addresses security vulnerabilities in the Grafana plugin for Performance Co-Pilot (grafana-pcp) on Red Hat Enterprise Linux 10. Two vulnerabilities are fixed: CVE-2026-32282, where the golang internal syscall Root. Chmod function can follow symlinks outside the root directory, and CVE-2026-32283, a denial of service issue in Go's crypto/tls package triggered by multiple TLS 1. 3 key update messages. The update is rated as important by Red Hat Product Security and affects multiple architectures of Red Hat Enterprise Linux 10. A security update is available to remediate these issues.
AI Analysis
Technical Summary
The Red Hat security advisory RHSA-2026:19136 provides an important update for the grafana-pcp package on Red Hat Enterprise Linux 10. It fixes two vulnerabilities: CVE-2026-32282, a golang internal syscall/unix issue where Root.Chmod can follow symlinks outside the intended root directory, potentially leading to unauthorized file permission changes; and CVE-2026-32283, a denial of service vulnerability in the Go crypto/tls package caused by handling multiple TLS 1.3 key update messages. These vulnerabilities affect the grafana-pcp plugin, which integrates with Performance Co-Pilot for scalable time series data and live metrics. The advisory includes updated packages for various architectures and references Red Hat's official update article for applying the fix.
Potential Impact
The impact includes potential unauthorized file permission changes due to symlink traversal (CVE-2026-32282) and denial of service conditions in TLS communications (CVE-2026-32283). These issues could affect the stability and security of systems running the vulnerable grafana-pcp plugin on Red Hat Enterprise Linux 10. No known exploits in the wild have been reported. The severity is rated as important by Red Hat, indicating a high security impact but not critical.
Mitigation Recommendations
Red Hat has released updated grafana-pcp packages that address these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2026:19136 and the referenced update article (https://access.redhat.com/articles/11258). Since this is not a cloud service, remediation requires manual patching of affected systems. No alternative mitigations or workarounds are specified in the advisory.
Red Hat Security Advisory: grafana-pcp security update
Description
This advisory addresses security vulnerabilities in the Grafana plugin for Performance Co-Pilot (grafana-pcp) on Red Hat Enterprise Linux 10. Two vulnerabilities are fixed: CVE-2026-32282, where the golang internal syscall Root. Chmod function can follow symlinks outside the root directory, and CVE-2026-32283, a denial of service issue in Go's crypto/tls package triggered by multiple TLS 1. 3 key update messages. The update is rated as important by Red Hat Product Security and affects multiple architectures of Red Hat Enterprise Linux 10. A security update is available to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Red Hat security advisory RHSA-2026:19136 provides an important update for the grafana-pcp package on Red Hat Enterprise Linux 10. It fixes two vulnerabilities: CVE-2026-32282, a golang internal syscall/unix issue where Root.Chmod can follow symlinks outside the intended root directory, potentially leading to unauthorized file permission changes; and CVE-2026-32283, a denial of service vulnerability in the Go crypto/tls package caused by handling multiple TLS 1.3 key update messages. These vulnerabilities affect the grafana-pcp plugin, which integrates with Performance Co-Pilot for scalable time series data and live metrics. The advisory includes updated packages for various architectures and references Red Hat's official update article for applying the fix.
Potential Impact
The impact includes potential unauthorized file permission changes due to symlink traversal (CVE-2026-32282) and denial of service conditions in TLS communications (CVE-2026-32283). These issues could affect the stability and security of systems running the vulnerable grafana-pcp plugin on Red Hat Enterprise Linux 10. No known exploits in the wild have been reported. The severity is rated as important by Red Hat, indicating a high security impact but not critical.
Mitigation Recommendations
Red Hat has released updated grafana-pcp packages that address these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2026:19136 and the referenced update article (https://access.redhat.com/articles/11258). Since this is not a cloud service, remediation requires manual patching of affected systems. No alternative mitigations or workarounds are specified in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19136
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-32283"]
- Cvss Version
- null
Threat ID: 6a160975e29bf47b5063f9cb
Added to database: 5/26/2026, 8:58:29 PM
Last enriched: 5/26/2026, 10:08:41 PM
Last updated: 5/27/2026, 4:58:19 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.