Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-63087— Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint

CVSS 9.8 · Critical
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-63087

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows remote attackers to obtain a valid PluginAuthToken by sending a POST request to the internal plugin install endpoint using hardcoded default stack_id and org_id values present in the public source tree. Attackers can leverage the acquired token to authenticate against all internal API endpoints, create arbitrary Admin users via the user-context header bootstrap path, revoke the legitimate plugin token, and redirect OnCall-to-Grafana API calls to an attacker-controlled host by overwriting the organization's grafana_url and api_token.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
grafana-cold-storageoncall 0 ~ 1.16.11 -

II. Public POCs for CVE-2026-63087

#POC DescriptionSource LinkShenlong Link
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 10042 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-63087

登录查看更多情报信息。

Vendor Advisories for CVE-2026-63087 (1)

Security Blog Posts for CVE-2026-63087 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-63087

No comments yet


Leave a comment