Grafana | v13.0.2

Grafana v13.0.2 released on 09-06-2026


Grafana v13.0.2 is out now. It addresses a set of security vulnerabilities (CVE-2026-9029, CVE-2026-33382, CVE-2026-42127, CVE-2026-42129, CVE-2026-10601, CVE-2026-8609, CVE-2026-8595) and includes provisioning, Git integration, runtime and UX fixes, so operators and users should upgrade promptly to remediate known issues.

Download and full notes are available from the Grafana download page and the What’s new highlights: Download page · What’s new highlights

What’s in this release

  • Security fixes for CVE-2026-9029, CVE-2026-33382, CVE-2026-42127, CVE-2026-42129, CVE-2026-10601, CVE-2026-8609 and CVE-2026-8595.
  • Provisioning and Git improvements: repository uniqueness is now scoped by (URL, branch, path); git pushes negotiate receive-pack capabilities; per-verb fallback added for the files subresource; folders no longer marked pending because of _folder.json metadata; ruleset bypass respected for write workflow validation; folder UID-too-long and other 4xx validation errors surfaced as sync warnings; nanogit bumped to v0.17.0; public_root_url instance setting added; Alpine-based Docker images bumped to 3.23.4 and Go updated to 1.26.3.
  • Dashboard, homepage and data-source fixes: provisioned save shows Kubernetes format; homepage can load v2 dashboards from files; LibraryPanels return 403 for insufficient permissions instead of 500; k8s dashboards permission check fixed to use dashboards:create; fixes for Mixed panels on time-range changes, Jaeger trace view timestamp conversion, PostgreSQL EXPLAIN results and a quick Enterprise RBAC global datasource permissions fix.

Upgrade notes

  • Upgrade is recommended immediately to address the listed CVEs — obtain the release from the Grafana download page: https://grafana.com/grafana/download/13.0.2.
  • No breaking changes are listed in the release notes; if a rollback is required, revert to your previous release using your normal downgrade procedure and files available from the download page.

Share comments on your upgrade experience or any issues you encounter on the project’s GitHub issues or community channels.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes