Auth Proxy IPv6 whitelist bypass_CVE-2026-33376

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here.

Basic Information

ID CVE-2026-33376

Source GRAFANA

Published May 13, 2026 at 19:28

Modified May 13, 2026 at 19:35

Affected Product

Vendor Grafana

Product Grafana OSS

Version 9.4.0

Affected Versions Grafana Grafana OSS 9.4.0
Grafana Grafana OSS 11.6.14
Grafana Grafana OSS 12.0.0
Grafana Grafana OSS 12.2.8
Grafana Grafana OSS 12.3.0
Grafana Grafana OSS 12.3.6
Grafana Grafana OSS 12.4.0
Grafana Grafana OSS 12.4.3
Grafana Grafana OSS 13.0.0
Grafana Grafana OSS 13.0.1

References

grafana.com /security/security-advisories/cve-2026-33376

{
    "lastseen": "",
    "description": "When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here.",
    "published": "2026-05-13T19:28:34.473Z",
    "modified": "2026-05-13T19:35:08.211Z",
    "type": "cve",
    "title": "Auth Proxy IPv6 whitelist bypass",
    "source": "GRAFANA",
    "references": "https://grafana.com/security/security-advisories/cve-2026-33376",
    "id": "CVE-2026-33376",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Grafana Grafana OSS 9.4.0\nGrafana Grafana OSS 11.6.14\nGrafana Grafana OSS 12.0.0\nGrafana Grafana OSS 12.2.8\nGrafana Grafana OSS 12.3.0\nGrafana Grafana OSS 12.3.6\nGrafana Grafana OSS 12.4.0\nGrafana Grafana OSS 12.4.3\nGrafana Grafana OSS 13.0.0\nGrafana Grafana OSS 13.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Grafana OSS",
    "version": "9.4.0",
    "vendor": "Grafana",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply