Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE Grafana Important Security Update CVE-2025-3415 DoS 2026-1037-1

suse
Calendar Grey March 25, 2026
Dist Suse Esm H88
SUSE security update for Grafana fixes five issues with important rating, boosting security and functionality.
An update that solves five vulnerabilities and contains one feature can now be installed.

Summary

## This update for grafana fixes the following issues: * Security issues fixed: * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337) * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349) * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) * Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes: * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface.

References

* bsc#1245302

* bsc#1255340

* bsc#1257337

* bsc#1257349

* bsc#1258136

* jsc#MSQA-1045

Cross-

* CVE-2025-3415

* CVE-2025-68156

* CVE-2026-21720

* CVE-2026-21721

* CVE-2026-21722

CVSS scores:

* CVE-2025-3415 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-68156 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-68156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-21720 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1037-1
Release Date: 2026-03-25T10:31:13Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.