What is CVE-2026-9029?

CVE-2026-9029 is a high-severity vulnerability in Grafana Oss. CVSS score: 7.3/10. Published 2026-06-22.

How severe is CVE-2026-9029?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Grafana Oss

CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before getTemplateSrv().replace() substitutes the variable value, which uses the glob format with no…

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Grafana Oss — versions 12.4.0

References

security@grafana.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-9029?: CVE-2026-9029 is a high-severity vulnerability in Grafana Oss. CVSS score: 7.3/10. Published 2026-06-22.
How severe is CVE-2026-9029?: High severity. CVSS v3 base score is 7.3 out of 10.