CVE-2026-28378

CVE-2026-28378CVE-2026-28378

Description

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.

Scoring

CVSS 3.1 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Last modified2026-07-07
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.