Grafana v13.0.1+security-01 released on 12-05-2026

Grafana v13.0.1+security-01 is out now. Administrators and security teams should treat it as a priority update, as it addresses multiple security vulnerabilities.
Download the update and consult the full CVE write-ups and guidance on Grafana’s official pages: download and What’s new.
What’s in this release
- Security fixes addressing CVE-2026-28374, CVE-2026-28376, CVE-2026-28383, CVE-2026-28380, CVE-2026-33376, CVE-2026-28379, CVE-2026-33377, CVE-2026-33378, CVE-2026-33381 and CVE-2026-33380.
- Triage and mitigation guidance for security teams: map deployed instances and exposure, prioritise externally reachable or credential-exposed instances, and monitor logs and IDS for suspicious activity.
- Security-focused patch rather than new features; official packages and documentation are available from Grafana’s download and what’s‑new pages.
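
For the "map deployed instances and exposure" step, here is an added example (not Grafana's own tooling) that classifies an inventory of version strings against v13.0.1+security-01 and orders unpatched, exposed instances first. The inventory, its field names and the status labels are hypothetical. It assumes that container tags spell the suffix "-security-NN", that later 13.0.x releases carry the fixes, and that other release lines must be checked against the advisories, since this page names no fixed version for them.

```python
import re

FIXED = "13.0.1+security-01"  # the release named on this page

# Accept "+security-NN" and "-security-NN" (assumption: container tags use "-",
# since "+" is not a legal character in an image tag).
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[+-]security-(\d+))?$")


def parse(version):
    """Return (major, minor, patch, security) or None if not a release string."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(version, fixed=FIXED):
    v, f = parse(version), parse(fixed)
    if v is None:
        return "unparsed"
    if v[:2] != f[:2]:
        # The page names no fixed release for other lines: check the advisories.
        return "check-advisory"
    # SemVer ignores build metadata, so a generic SemVer compare rates 13.0.1
    # equal to 13.0.1+security-01. Compare the security number explicitly.
    return "patched" if v >= f else "needs-update"


def triage(inventory):
    """Order instances: unpatched and exposed first, as the triage bullet advises."""
    rows = [dict(inst, status=classify(inst["version"])) for inst in inventory]
    rank = {"needs-update": 0, "unparsed": 1, "check-advisory": 1, "patched": 2}
    rows.sort(key=lambda r: (rank[r["status"]],
                             not (r["external"] or r["creds_exposed"]),
                             r["name"]))
    return rows


# Constructed inventory; names and fields are hypothetical.
INVENTORY = [
    {"name": "ops-internal", "version": "13.0.1", "external": False, "creds_exposed": False},
    {"name": "status-public", "version": "13.0.1", "external": True, "creds_exposed": False},
    {"name": "team-a", "version": "13.0.1-security-01", "external": True, "creds_exposed": False},
    {"name": "legacy", "version": "12.3.0", "external": False, "creds_exposed": True},
    {"name": "lab", "version": "13.0.0", "external": False, "creds_exposed": True},
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f'{row["status"]:15} {row["name"]:14} {row["version"]}')
```

The version strings can come from whatever inventory source is already trusted, for example the version field of each instance's /api/health response or the deployed image tag.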
Upgrade notes
- No breaking changes are called out in the release notes; back up Grafana configuration and the database, test the update in a non-production environment (including custom plugins and authentication backends), and verify container/Helm image tags or OS packages from official repositories before deploying.
- Have a rollback plan and perform rolling upgrades where possible; run smoke tests post-upgrade (login, dashboards, alerting, data sources) and rotate credentials or API keys if the advisories recommend it.
Share any issues or observations from your upgrade so others can learn from the experience.
