Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

VectorNETWORK

PublishedMay 13, 2026, 20:16

Published Bysecurity@grafana.com

Base Score

Score5.9

Affected Versions

No affected versions found.

References

https://grafana.com/security/security-advisories/cve-2026-33381

Weakness Type

CWE-284

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK