CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attacker with dashboard Editor privileges can set the link to a javascript: URI; when any Viewer drag-zooms on the panel, the payload executes in the Grafana origin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.6%

CVSS Severity

CVSS v3 Score 7.6

References

Products affected by CVE-2026-32117

Ekacnet » Grafanacubism-Panel » Version: 0.0.1

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.1
Ekacnet » Grafanacubism-Panel » Version: 0.0.2

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.2
Ekacnet » Grafanacubism-Panel » Version: 0.0.3

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.3
Ekacnet » Grafanacubism-Panel » Version: 0.0.4

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.4
Ekacnet » Grafanacubism-Panel » Version: 0.0.5

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.5
Ekacnet » Grafanacubism-Panel » Version: 0.0.6

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.6
Ekacnet » Grafanacubism-Panel » Version: 0.0.7

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.7
Ekacnet » Grafanacubism-Panel » Version: 0.0.8

cpe:2.3:a:ekacnet:grafanacubism-panel:0.0.8
Ekacnet » Grafanacubism-Panel » Version: 0.1.0

cpe:2.3:a:ekacnet:grafanacubism-panel:0.1.0
Ekacnet » Grafanacubism-Panel » Version: 0.1.1

cpe:2.3:a:ekacnet:grafanacubism-panel:0.1.1
Ekacnet » Grafanacubism-Panel » Version: 0.1.2

cpe:2.3:a:ekacnet:grafanacubism-panel:0.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32117

Products

Pricing

Contact Us