This release includes 10 security fixes for security teams reviewing exposed deployments.
Topics
+7 more
ReleasePort's take
Light signalGrafana v12.2.8+security-04 includes a fix for CVE-2026-28374.
Why it matters: Patch to Grafana v12.2.8+security-04 immediately because it resolves the critical vulnerability CVE-2026-28374.
Summary
AI summarySecurity patches applied to grafana. Update recommended.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
CVE-2026-28374 fixed CVE-2026-28374 fixed Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
Download page
What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
Security Fixes
- CVE-2026-28374
- CVE-2026-28376
- CVE-2026-28383
- CVE-2026-28380
- CVE-2026-33376
- CVE-2026-28379
- CVE-2026-33377
- CVE-2026-33378
- CVE-2026-33381
- CVE-2026-33380
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Beta — feedback welcome: [email protected]