Grafana v13.0.2 released on 09-06-2026

Grafana v13.0.2 is out now. Production deployments should upgrade immediately to pick up multiple CVE fixes and tightened permissions.
See the download page or the What’s new highlights for full details and installers.
What’s in this release
- Security fixes for multiple CVEs (CVE-2026-9029, CVE-2026-33382, CVE-2026-42127, CVE-2026-42129, CVE-2026-10601, CVE-2026-8609, CVE-2026-8595) and a quick Enterprise fix for global datasource permissions.
- Provisioning and git-backed content reliability improvements: negotiate receive-pack capabilities for pushes, scope repository uniqueness by (URL, branch, path), surface validation 4xx as sync warnings, and bump nanogit to v0.17.0 to fix pushes with git submodules.
- Dashboard and UI changes: provisioned saves now show Kubernetes format, the homepage can load v2 dashboards defined by a file, and LibraryPanels return 403 for insufficient permissions instead of 500.
Upgrade notes
- Security urgency: plan an immediate upgrade for production systems to pick up the CVE patches; download the release from the official Grafana download page.
- Enterprise: the release includes a quick fix for global datasource permissions — if you encounter issues, restore from backups or redeploy your previous release as per your standard rollback procedure.
Share comments or report issues on the Grafana GitHub repository so others can benefit from your experience.


