CVE-2026-0712
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-05-27
AI Q&A
2026-01-15
EPSS Evaluated
2026-01-22
NVD
CVE-2026-0712
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
grafana grafana From 11.5.0 (exc)
grafana grafana From 12.0.2 (inc)
grafana grafana From 11.6.3 (inc)
grafana grafana From 11.5.6 (inc)
grafana grafana From 11.4.6 (inc)
grafana grafana From 11.3.8 (inc)
sick sick_incoming_goods_suite From 1.2.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-0712 is an open redirect vulnerability found in Grafana OSS starting from version 11.5.0. This vulnerability allows attackers to redirect users to untrusted sites and can be exploited to perform cross-site scripting (XSS) attacks when combined with path traversal vulnerabilities. It specifically affects the administrative user interface for log management in the SICK Incoming Goods Suite product but does not impact the main user interface. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to perform XSS attacks, which can compromise confidentiality (high impact), integrity (low impact), and availability (low impact) of your system. Since it affects the administrative interface, attackers could potentially exploit it to gain unauthorized access or manipulate data related to log management. The attack requires no privileges but does require user interaction and can be executed remotely over the network. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Grafana to one of the fixed versions: 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01. For users of the SICK Incoming Goods Suite, upgrade the firmware to version 1.2.1 or later. Additionally, minimize network exposure, restrict network access, and follow best security practices to protect your devices. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart