CVE-2026-0712
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-0712, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-07-06
AI Q&A
2026-01-15
EPSS Evaluated
2026-01-22
NVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
grafana grafana From 11.5.0 (exc)
grafana grafana From 12.0.2 (inc)
grafana grafana From 11.6.3 (inc)
grafana grafana From 11.5.6 (inc)
grafana grafana From 11.4.6 (inc)
grafana grafana From 11.3.8 (inc)
sick sick_incoming_goods_suite From 1.2.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0712 is an open redirect vulnerability found in Grafana OSS starting from version 11.5.0. This vulnerability allows attackers to redirect users to untrusted sites and can be exploited to perform cross-site scripting (XSS) attacks when combined with path traversal vulnerabilities. It specifically affects the administrative user interface for log management in the SICK Incoming Goods Suite product but does not impact the main user interface. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers to perform XSS attacks, which can compromise confidentiality (high impact), integrity (low impact), and availability (low impact) of your system. Since it affects the administrative interface, attackers could potentially exploit it to gain unauthorized access or manipulate data related to log management. The attack requires no privileges but does require user interaction and can be executed remotely over the network. [1, 2]

Mitigation Strategies

To mitigate this vulnerability, upgrade Grafana to one of the fixed versions: 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01. For users of the SICK Incoming Goods Suite, upgrade the firmware to version 1.2.1 or later. Additionally, minimize network exposure, restrict network access, and follow best security practices to protect your devices. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0712. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart