Red Hat Security Advisory: grafana security update
Red Hat has issued a security advisory for Grafana on Red Hat Enterprise Linux 10 addressing two vulnerabilities originating from Go language components. The first vulnerability (CVE-2026-32282) involves the golang internal syscall package where Root. Chmod can follow symlinks outside the intended root directory. The second (CVE-2026-32283) is a denial of service issue in Go's crypto/tls package triggered by multiple TLS 1. 3 key update messages. These issues affect various architectures supported by Red Hat Enterprise Linux 10. Red Hat has released updated packages to remediate these vulnerabilities.
AI Analysis
Technical Summary
This advisory covers two security fixes in Grafana packages distributed with Red Hat Enterprise Linux 10. The first fix addresses CVE-2026-32282, a vulnerability in the golang internal syscall/unix package where the Root.Chmod function can follow symbolic links outside the root directory, potentially leading to unauthorized file permission changes. The second fix addresses CVE-2026-32283, a denial of service vulnerability in the Go crypto/tls package caused by processing multiple TLS 1.3 key update messages. Red Hat has released updated Grafana packages for multiple architectures including x86_64, s390x, ppc64le, and aarch64 to resolve these issues.
Potential Impact
The Root.Chmod symlink vulnerability (CVE-2026-32282) could allow an attacker to manipulate file permissions outside the intended root directory, potentially leading to unauthorized access or privilege escalation. The TLS denial of service vulnerability (CVE-2026-32283) could allow an attacker to disrupt services by sending multiple TLS 1.3 key update messages, causing resource exhaustion or service unavailability. Both vulnerabilities have been rated with a high security impact by Red Hat.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 10 that address these vulnerabilities. Users should apply the available security updates as described in the Red Hat advisory RHSA-2026:11712 and the referenced article https://access.redhat.com/articles/11258. Applying these official patches is the recommended remediation. No additional mitigations or workarounds are indicated in the vendor advisory.
Red Hat Security Advisory: grafana security update
Description
Red Hat has issued a security advisory for Grafana on Red Hat Enterprise Linux 10 addressing two vulnerabilities originating from Go language components. The first vulnerability (CVE-2026-32282) involves the golang internal syscall package where Root. Chmod can follow symlinks outside the intended root directory. The second (CVE-2026-32283) is a denial of service issue in Go's crypto/tls package triggered by multiple TLS 1. 3 key update messages. These issues affect various architectures supported by Red Hat Enterprise Linux 10. Red Hat has released updated packages to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security fixes in Grafana packages distributed with Red Hat Enterprise Linux 10. The first fix addresses CVE-2026-32282, a vulnerability in the golang internal syscall/unix package where the Root.Chmod function can follow symbolic links outside the root directory, potentially leading to unauthorized file permission changes. The second fix addresses CVE-2026-32283, a denial of service vulnerability in the Go crypto/tls package caused by processing multiple TLS 1.3 key update messages. Red Hat has released updated Grafana packages for multiple architectures including x86_64, s390x, ppc64le, and aarch64 to resolve these issues.
Potential Impact
The Root.Chmod symlink vulnerability (CVE-2026-32282) could allow an attacker to manipulate file permissions outside the intended root directory, potentially leading to unauthorized access or privilege escalation. The TLS denial of service vulnerability (CVE-2026-32283) could allow an attacker to disrupt services by sending multiple TLS 1.3 key update messages, causing resource exhaustion or service unavailability. Both vulnerabilities have been rated with a high security impact by Red Hat.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 10 that address these vulnerabilities. Users should apply the available security updates as described in the Red Hat advisory RHSA-2026:11712 and the referenced article https://access.redhat.com/articles/11258. Applying these official patches is the recommended remediation. No additional mitigations or workarounds are indicated in the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:11712
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-32283"]
- Cvss Version
- null
Threat ID: 6a160975e29bf47b506402e0
Added to database: 5/26/2026, 8:58:29 PM
Last enriched: 5/26/2026, 10:10:08 PM
Last updated: 5/27/2026, 5:02:07 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.