Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published: 2026-01-15
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References

No reference.

History

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sick Ag
Sick Ag incoming Goods Suite
Vendors & Products Sick Ag
Sick Ag incoming Goods Suite

Thu, 15 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 15 Jan 2026 13:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Sick Ag Incoming Goods Suite
cve-icon MITRE

Status: REJECTED

Assigner: SICK AG

Published:

Updated: 2026-01-22T17:03:07.512Z

Reserved: 2026-01-08T09:59:09.364Z

Link: CVE-2026-0713

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-01-15T13:16:04.707

Modified: 2026-01-22T17:16:30.583

Link: CVE-2026-0713

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-01-16T13:43:34Z

Weaknesses

No weakness.