CVE-2026-22641 in Incoming Goods Suiteinfo

Summary

by MITRE • 01/15/2026

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

SICK AG

Reservation

01/08/2026

Disclosure

01/15/2026

Moderation

revoked

Entry

VDB-341278

CPE

ready

CWE

CWE-285 (confirmed)

CVSS

5.0 (CNA)

EPSS

0.00000

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22641
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22641
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22641/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!