Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-10601— Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

CVSS 5.4 · Medium EPSS 0.26% · P17

Affected Version Matrix 1

VendorProductVersion RangeStatus
GrafanaGrafana OSS11.6.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-10601

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) capture admin-configured datasource credentials (secureJsonData custom headers) by traversing to an attacker-controlled endpoint, (2) invoke state-changing admin endpoints on Tempo (e.g. /flush, /shutdown), and (3) exfiltrate internal service data via Loki's CallResource which returns full HTTP response bodies.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Grafana OSS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Grafana OSS是Grafana公司开源的一个可视化仪表盘。 Grafana OSS 11.6.0版本存在安全漏洞,该漏洞源于Tempo和Loki datasource plugins在构造后端HTTP请求时将用户输入插入URL路径而未进行清理,可能导致路径遍历攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
GrafanaGrafana OSS 11.6.0 -

II. Public POCs for CVE-2026-10601

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-10601

登录查看更多情报信息。

Vendor Advisories for CVE-2026-10601 (1)

Same Patch Batch · Grafana · 2026-06-22 · 5 CVEs total

CVE-2026-283819.6 CRITICALLocal File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT
CVE-2026-421297.7 HIGHPath Traversal in Loki Datasource leads to Internal Information Disclosure
CVE-2026-421277.5 HIGHGrafana pre-auth DoS through arbitrarily large input to public dashboard query handler
CVE-2026-90297.3 HIGHStored XSS via Geomap Panel Template Variable Attribution Injection

IV. Related Vulnerabilities

V. Comments for CVE-2026-10601

No comments yet


Leave a comment