CVE-2026-21720 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-21720 Interim 1 1 2026-03-05T00:18:39Z current 2026-03-05T00:18:39Z 2026-03-05T00:18:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-21720 Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Multi-Linux Manager Client Tools for SLE 12 SUSE Multi-Linux Manager Client Tools for SLE 15 openSUSE Leap 15.6 grafana grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 grafana as a component of SUSE Manager Client Tools for SLE 12 grafana as a component of SUSE Manager Client Tools for SLE 15 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 12 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 15 grafana as a component of openSUSE Leap 15.6 Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems. CVE-2026-21720 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H