What is CVE-2022-26148?

CVE-2022-26148 is a vulnerability in N/a. Published 2022-03-21.

Is CVE-2022-26148 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the…

EPSS: 0.872 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
HimmelAward/Goby_
NyxAzrael/Goby_
Z0fhack/Goby_

References

2k8.org/post-319.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220425-0005/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-26148?: CVE-2022-26148 is a vulnerability in N/a. Published 2022-03-21.
Is CVE-2022-26148 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.