CVE Catalog

CVE-2026-27877

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

A vulnerability in public dashboards and direct data-sources exposes passwords of all direct data-sources, even if not used in dashboards. Passwords of proxied data-sources are not exposed.

Risk Assessment

The organization risks password leakage for direct data-sources, potentially leading to unauthorized data access and infrastructure compromise.

Recommendation

Immediately convert all direct data-sources to proxied data-sources to eliminate password exposure risk. Also review and secure public dashboards.

Original NVD description (English source)

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS