Grafana v13.0.1+security-01 released on 12-05-2026
Grafana v13.0.1+security-01 is out now. Administrators should treat this as a priority security update, as it bundles fixes for multiple vulnerabilities across the product.
Download the release or read the full notes on Grafana’s official pages: Grafana download and the GitHub release endpoint at api.github.com.
What’s in this release
- Security fixes for ten CVEs: CVE-2026-28374, CVE-2026-28376, CVE-2026-28383, CVE-2026-28380, CVE-2026-33376, CVE-2026-28379, CVE-2026-33377, CVE-2026-33378, CVE-2026-33381 and CVE-2026-33380.
- Advisory guidance on severity, affected components and exploitability so you can assess impact based on your deployment and installed plugins.
- Practical upgrade and mitigation steps: back up config and dashboards, test the v13.0.1+security-01 build in staging, upgrade via your normal package/channel, and apply interim network/access restrictions if you cannot patch immediately.
Upgrade notes
- No specific breaking changes are listed in the supplied release notes; back up Grafana configuration and dashboards and verify the build in staging before upgrading production (downloads at Grafana download).
- Keep current backups so you can restore a previous state if required. If immediate upgrade is not possible, restrict UI/API access, disable untrusted plugins and tighten authentication until you can apply the patch.
Please share any issues or observations after you upgrade so others can benefit from your experience.
