Red Hat Security Advisory: grafana security update
Red Hat has issued a security advisory for Grafana packages in Red Hat Enterprise Linux 9. 4 Extended Update Support addressing three vulnerabilities in Go language components used by Grafana. These include a denial of service via crafted certificates (CVE-2025-61729), excessive CPU consumption in archive/zip (CVE-2025-61728), and memory exhaustion in query parameter parsing in net/url (CVE-2025-61726). The vulnerabilities can lead to resource exhaustion conditions. Red Hat rates the update as Important and has released updated packages to remediate these issues.
AI Analysis
Technical Summary
This advisory covers three security vulnerabilities affecting Grafana in Red Hat Enterprise Linux 9.4 EUS, all related to underlying Go language libraries. CVE-2025-61729 is a denial of service vulnerability caused by excessive resource consumption when processing crafted certificates in crypto/x509. CVE-2025-61728 involves excessive CPU usage when building archive indexes in archive/zip. CVE-2025-61726 causes memory exhaustion during query parameter parsing in net/url. These issues can be exploited to cause denial of service conditions by exhausting system resources. Red Hat has released updated Grafana packages that include fixes for these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities can cause denial of service through excessive CPU or memory consumption, potentially impacting availability of Grafana services on affected Red Hat Enterprise Linux 9.4 systems. There are no known exploits in the wild at this time. The vulnerabilities do not indicate privilege escalation or data confidentiality impacts based on the advisory.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply the provided security update as detailed in Red Hat advisory RHSA-2026:3835 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: grafana security update
Description
Red Hat has issued a security advisory for Grafana packages in Red Hat Enterprise Linux 9. 4 Extended Update Support addressing three vulnerabilities in Go language components used by Grafana. These include a denial of service via crafted certificates (CVE-2025-61729), excessive CPU consumption in archive/zip (CVE-2025-61728), and memory exhaustion in query parameter parsing in net/url (CVE-2025-61726). The vulnerabilities can lead to resource exhaustion conditions. Red Hat rates the update as Important and has released updated packages to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers three security vulnerabilities affecting Grafana in Red Hat Enterprise Linux 9.4 EUS, all related to underlying Go language libraries. CVE-2025-61729 is a denial of service vulnerability caused by excessive resource consumption when processing crafted certificates in crypto/x509. CVE-2025-61728 involves excessive CPU usage when building archive indexes in archive/zip. CVE-2025-61726 causes memory exhaustion during query parameter parsing in net/url. These issues can be exploited to cause denial of service conditions by exhausting system resources. Red Hat has released updated Grafana packages that include fixes for these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities can cause denial of service through excessive CPU or memory consumption, potentially impacting availability of Grafana services on affected Red Hat Enterprise Linux 9.4 systems. There are no known exploits in the wild at this time. The vulnerabilities do not indicate privilege escalation or data confidentiality impacts based on the advisory.
Mitigation Recommendations
Red Hat has released updated Grafana packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply the provided security update as detailed in Red Hat advisory RHSA-2026:3835 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:3835
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-61728","CVE-2025-61729"]
- Cvss Version
- null
Threat ID: 6a160968e29bf47b5062e434
Added to database: 5/26/2026, 8:58:16 PM
Last enriched: 5/26/2026, 9:40:08 PM
Last updated: 5/27/2026, 4:49:14 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.