CVE-2026-33381

HIGH EPSS 15.6%

Published May 13, 20261mo ago · Modified Jun 17, 20261w ago

8.1 CVSS 3.1

High

Published May 13, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

CVSS Details

Base Score

8.1

Exploitability

2.8

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

15.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-284

Affected Products 5

Vendor	Product	Version	Range
grafana	grafana	*	≥11.6.0 – <11.6.14
grafana	grafana	*	≥12.2.0 – <12.2.8
grafana	grafana	*	≥12.3.0 – <12.3.6
grafana	grafana	*	≥12.4.0 – <12.4.3
grafana	grafana	*	≥13.0.0 – <13.0.1

References 1

grafana.com https://grafana.com/security/security-advisories/cve-2026-33381

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.