7.6
/ 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Description
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
Basic Information
ID
CVE-2026-0712
Source
SICK AG
Published
Jan 15, 2026 at 13:10
Modified
Jan 15, 2026 at 14:30
Affected Product
Vendor
SICK AG
Product
Incoming Goods Suite
Affected Versions
SICK AG Incoming Goods Suite 0
CWE Classification
References
- sick.com /psirt
- www.sick.com /media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- www.cisa.gov /resources-tools/resources/ics-recommended-practices
- www.first.org /cvss/calculator/3.1
- www.sick.com /.well-known/csaf/white/2026/sca-2026-0002.json
- www.sick.com /.well-known/csaf/white/2026/sca-2026-0002.pdf