SecBoard
Zurück zur CVE-Übersicht

CVE-2026-10601

MEDIUM(5.4)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Risk Signal Score14/100 — NIEDRIG
  • CVSS 5.4 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.4

Technische Schwere

Beschreibung

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend.

Referenzen