Red Hat Security Advisory: grafana-pcp security update
A security update for the Grafana plugin for Performance Co-Pilot (grafana-pcp) addresses three vulnerabilities related to the Go programming language libraries used within the plugin. These include a denial of service via crafted certificates (CVE-2025-61729), memory exhaustion during URL query parameter parsing (CVE-2025-61726), and unexpected session resumption in TLS (CVE-2025-68121). The vulnerabilities affect Red Hat Enterprise Linux 9. 6 Extended Update Support and related variants. Red Hat has issued an important security advisory with updated packages to fix these issues.
AI Analysis
Technical Summary
The Grafana plugin for Performance Co-Pilot includes datasources and dashboards for scalable time series and live metrics. It was found to contain multiple security vulnerabilities in underlying Go libraries: CVE-2025-61729 (crypto/x509) allows denial of service through excessive resource consumption with crafted certificates; CVE-2025-61726 (net/url) causes memory exhaustion during query parameter parsing; and CVE-2025-68121 (crypto/tls) involves unexpected session resumption. Red Hat released updated grafana-pcp packages for Red Hat Enterprise Linux 9.6 Extended Update Support to remediate these issues. The advisory references specific bugzilla entries and provides package updates for multiple architectures.
Potential Impact
The vulnerabilities can lead to denial of service conditions due to resource exhaustion or unexpected behavior in TLS session handling when exploited. This could affect availability and potentially disrupt services relying on the grafana-pcp plugin. No known exploits in the wild have been reported. The impact is rated as important by Red Hat, corresponding to a high severity level.
Mitigation Recommendations
Red Hat has released updated packages for grafana-pcp in Red Hat Enterprise Linux 9.6 Extended Update Support that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory RHSA-2026:3817 and the referenced article https://access.redhat.com/articles/11258. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: grafana-pcp security update
Description
A security update for the Grafana plugin for Performance Co-Pilot (grafana-pcp) addresses three vulnerabilities related to the Go programming language libraries used within the plugin. These include a denial of service via crafted certificates (CVE-2025-61729), memory exhaustion during URL query parameter parsing (CVE-2025-61726), and unexpected session resumption in TLS (CVE-2025-68121). The vulnerabilities affect Red Hat Enterprise Linux 9. 6 Extended Update Support and related variants. Red Hat has issued an important security advisory with updated packages to fix these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Grafana plugin for Performance Co-Pilot includes datasources and dashboards for scalable time series and live metrics. It was found to contain multiple security vulnerabilities in underlying Go libraries: CVE-2025-61729 (crypto/x509) allows denial of service through excessive resource consumption with crafted certificates; CVE-2025-61726 (net/url) causes memory exhaustion during query parameter parsing; and CVE-2025-68121 (crypto/tls) involves unexpected session resumption. Red Hat released updated grafana-pcp packages for Red Hat Enterprise Linux 9.6 Extended Update Support to remediate these issues. The advisory references specific bugzilla entries and provides package updates for multiple architectures.
Potential Impact
The vulnerabilities can lead to denial of service conditions due to resource exhaustion or unexpected behavior in TLS session handling when exploited. This could affect availability and potentially disrupt services relying on the grafana-pcp plugin. No known exploits in the wild have been reported. The impact is rated as important by Red Hat, corresponding to a high severity level.
Mitigation Recommendations
Red Hat has released updated packages for grafana-pcp in Red Hat Enterprise Linux 9.6 Extended Update Support that address these vulnerabilities. Users should apply these official updates as described in the Red Hat advisory RHSA-2026:3817 and the referenced article https://access.redhat.com/articles/11258. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:3817
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-61729","CVE-2025-68121"]
- Cvss Version
- null
Threat ID: 6a160969e29bf47b5062f01c
Added to database: 5/26/2026, 8:58:17 PM
Last enriched: 5/26/2026, 9:41:02 PM
Last updated: 5/27/2026, 4:49:11 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.