Red Hat Security Advisory: grafana-pcp security update
A security update for the Grafana plugin for Performance Co-Pilot (grafana-pcp) addresses two vulnerabilities: CVE-2026-32282, where the golang internal syscall Root.Chmod function can follow symlinks outside the intended root directory, and CVE-2026-32283, a denial of service vulnerability in Go's crypto/tls via multiple TLS 1.3 key update messages. These issues affect Red Hat Enterprise Linux 9 and related distributions. Red Hat has released updated packages to fix these vulnerabilities.
AI Analysis
Technical Summary
The Grafana plugin for Performance Co-Pilot includes datasources and dashboards for monitoring scalable time series and live PCP metrics. Two security flaws were identified: CVE-2026-32282 involves a golang internal syscall (Root.Chmod) that improperly follows symbolic links outside the root directory, potentially leading to unauthorized file system modifications. CVE-2026-32283 is a denial of service vulnerability in Go's crypto/tls implementation triggered by multiple TLS 1.3 key update messages. Red Hat has issued an important security advisory (RHSA-2026:11704) with updated grafana-pcp packages for Red Hat Enterprise Linux 9 to remediate these issues.
Potential Impact
The first vulnerability (CVE-2026-32282) could allow unauthorized file permission changes outside the intended root directory due to symlink traversal, potentially leading to privilege escalation or unauthorized system modifications. The second vulnerability (CVE-2026-32283) can cause denial of service by exploiting the TLS 1.3 key update mechanism, potentially disrupting secure communications. Both vulnerabilities are rated with an important security impact by Red Hat, indicating significant risk if unpatched.
Mitigation Recommendations
Red Hat has released updated grafana-pcp packages for Red Hat Enterprise Linux 9 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory RHSA-2026:11704 and the referenced article https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the official patch. Patch status is confirmed as available from Red Hat.
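To confirm that a host actually carries the fix, the check below (an added example, not part of the Red Hat advisory or this page's analysis) reports which of the two CVE ids an RPM changelog fails to mention. It assumes the fixed grafana-pcp build names the CVEs in its changelog; the sample changelogs are constructed and their versions are placeholders.

```shell
#!/bin/sh
# Added example, not from Red Hat or the advisory page.
# Assumption: the fixed grafana-pcp build lists the CVE ids in its RPM changelog.

ADVISORY_CVES="CVE-2026-32282 CVE-2026-32283"   # both ids come from RHSA-2026:11704

# Constructed sample changelogs (packager, dates and versions are placeholders).
SAMPLE_FIXED='* Tue May 26 2026 Example Packager <packager@example.com> - 0.0.0-2
- Rebuild with updated Go toolchain
- Resolves: CVE-2026-32282 CVE-2026-32283'
SAMPLE_OLD='* Mon Jan 05 2026 Example Packager <packager@example.com> - 0.0.0-1
- Resolves: CVE-2026-32283'

# cves_missing TEXT: print every advisory CVE that TEXT does not mention.
cves_missing() {
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole token, so a longer id is not a false hit.
        printf '%s\n' "$1" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# patch_status TEXT: "patched" or "missing: <ids>" on one line.
patch_status() {
    missing=$(cves_missing "$1")
    if [ -z "$missing" ]; then
        echo "patched"
    else
        echo "missing: $(echo $missing)"
    fi
}

# On a host with the package installed, check the real changelog.
if command -v rpm >/dev/null 2>&1 && rpm -q grafana-pcp >/dev/null 2>&1; then
    echo "grafana-pcp: $(patch_status "$(rpm -q --changelog grafana-pcp)")"
    # If ids are missing, apply the erratum: dnf upgrade --advisory=RHSA-2026:11704
fi
```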
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2026:11704
- CVE Count: 2
- Additional CVEs: ["CVE-2026-32283"]
- CVSS Version: null
Threat ID: 6a160976e29bf47b50640bef
Added to database: 5/26/2026, 8:58:30 PM
Last enriched: 5/26/2026, 10:10:29 PM
Last updated: 5/27/2026, 4:48:03 AM