This release includes 10 security fixes for security teams reviewing exposed deployments.
Topics
+7 more
ReleasePort's take
Light signalCVE-2026-28374 is patched in Grafana v12.4.3+security-02. Core is affected; operators should upgrade.
Why it matters: Security vulnerability CVE-2026-28374 affecting core is fixed in v12.4.3+security-02. Upgrade immediately.
Summary
AI summaryCVE-2026-28374 security vulnerability fixed.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
CVE-2026-28374 fixed CVE-2026-28374 fixed Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
Download page
What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
Security Fixes
- CVE-2026-28374
- CVE-2026-28376
- CVE-2026-28383
- CVE-2026-28380
- CVE-2026-33376
- CVE-2026-28379
- CVE-2026-33377
- CVE-2026-33378
- CVE-2026-33381
- CVE-2026-33380
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
Beta — feedback welcome: [email protected]