CVE-2026-27877
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
A vulnerability in public dashboards and direct data-sources exposes passwords of all direct data-sources, even if not used in dashboards. Passwords of proxied data-sources are not exposed.
Risk Assessment
The organization risks password leakage for direct data-sources, potentially leading to unauthorized data access and infrastructure compromise.
Recommendation
Immediately convert all direct data-sources to proxied data-sources to eliminate password exposure risk. Also review and secure public dashboards.
Original NVD description (English source)
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

