CVE-2026-21722 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-21722 Interim 1 1 2026-03-05T00:18:38Z current 2026-03-05T00:18:38Z 2026-03-05T00:18:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-21722 Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Multi-Linux Manager Client Tools for SLE 12 SUSE Multi-Linux Manager Client Tools for SLE 15 openSUSE Leap 15.6 grafana grafana as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 grafana as a component of SUSE Manager Client Tools for SLE 12 grafana as a component of SUSE Manager Client Tools for SLE 15 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 12 grafana as a component of SUSE Multi-Linux Manager Client Tools for SLE 15 grafana as a component of openSUSE Leap 15.6 Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard. CVE-2026-21722 moderate 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N