[CLSA-2026:1784024382] grafana: Fix of CVE-2026-39821
Type:
security
Severity:
Important
Release date:
2026-07-14 10:19:56 UTC
Description:
- CVE-2026-39821: update bundled golang.org/x/net to 0.55.0 so that IDNA ToASCII/ToUnicode reject Punycode-encoded labels that decode to an all-ASCII name, preventing hostname authorization bypass and privilege escalation
CVEs fixed:
Updated packages:
  • grafana-10.2.6-15.el9_6.tuxcare.els13.x86_64.rpm
    sha:065ab16b7ae10a12db9a0cb62c6441f1a8979b4731948ce7736bf18dea3eca9f
  • grafana-selinux-10.2.6-15.el9_6.tuxcare.els13.x86_64.rpm
    sha:df696e213d6933946854e9779632bd95ea377622ddc79a83899c7a25994b1359
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.