CVE-2026-21725Time-of-check Time-of-use (TOCTOU) Race Condition in Grafana

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition6 documents6 sources
Severity
2.0LOWNVD
EPSS
0.0%
top 91.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Grafana
Timeline
PublishedFeb 25

Description

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion. - Upon deletion, all steps within the attack must happen within the next 30 seconds and on the same pod of Grafana. - The attacker must delete the datasource, then someone must recreate it. - The n

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5grafana/grafanav11.0.0v12.4.1
NVDgrafana/grafana11.0.012.4.1

🔴Vulnerability Details

3
OSV
CVE-2026-21725: A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so2026-02-25
GHSA
GHSA-w36g-f98m-wm99: A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so2026-02-25
CVEList
Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name2026-02-25

📋Vendor Advisories

1
Red Hat
grafana: Grafana: Unauthorized data source deletion via time-of-create-to-time-of-use (TOCTOU) vulnerability2026-02-25

🕵️Threat Intelligence

1
Wiz
CVE-2026-21725 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21725 — Grafana vulnerability | cvebase