This release includes 10 security fixes for security teams reviewing exposed deployments.
Topics
+7 more
ReleasePort's take
Light signalGrafana v11.6.14+security-04 patches multiple security vulnerabilities including CVE-2026-28374.
Why it matters: Patch to Grafana v11.6.14+security-04 immediately; the release resolves ten critical CVEs (CVSS scores not disclosed).
Summary
AI summaryFixes multiple security vulnerabilities including CVE-2026-28374, CVE-2026-28376, CVE-2026-28383, CVE-2026-28380, CVE-2026-33376, CVE-2026-28379, CVE-2026-33377, CVE-2026-33378, CVE-2026-33381, and CVE-2026-33380.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Addresses security vulnerability CVE-2026-28374 Addresses security vulnerability CVE-2026-28374 Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
Download page
What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
Security Fixes
- CVE-2026-28374
- CVE-2026-28376
- CVE-2026-28383
- CVE-2026-28380
- CVE-2026-33376
- CVE-2026-28379
- CVE-2026-33377
- CVE-2026-33378
- CVE-2026-33381
- CVE-2026-33380
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Beta — feedback welcome: [email protected]