CVE-2026-0712
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-01-22
NVD
CVE-2026-0712
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
grafana grafana From 11.5.0 (exc)
grafana grafana From 12.0.2 (inc)
grafana grafana From 11.6.3 (inc)
grafana grafana From 11.5.6 (inc)
grafana grafana From 11.4.6 (inc)
grafana grafana From 11.3.8 (inc)
sick sick_incoming_goods_suite From 1.2.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0712 is an open redirect vulnerability found in Grafana OSS starting from version 11.5.0. This vulnerability allows attackers to redirect users to untrusted sites and can be exploited to perform cross-site scripting (XSS) attacks when combined with path traversal vulnerabilities. It specifically affects the administrative user interface for log management in the SICK Incoming Goods Suite product but does not impact the main user interface. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers to perform XSS attacks, which can compromise confidentiality (high impact), integrity (low impact), and availability (low impact) of your system. Since it affects the administrative interface, attackers could potentially exploit it to gain unauthorized access or manipulate data related to log management. The attack requires no privileges but does require user interaction and can be executed remotely over the network. [1, 2]

Mitigation Strategies

To mitigate this vulnerability, upgrade Grafana to one of the fixed versions: 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01. For users of the SICK Incoming Goods Suite, upgrade the firmware to version 1.2.1 or later. Additionally, minimize network exposure, restrict network access, and follow best security practices to protect your devices. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0712. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart