« All posts

CVE-2026-63087: Grafana Oncall Reaches End of Life

CVE-2026-63087 reveals an authentication bypass vulnerability in Grafana OnCall.

CVE-2026-63087 exposes a critical vulnerability in Grafana OnCall's plugin installation flow, allowing unauthorized reconfiguration. With the repository archived, no official patch will be available. Users migrating away can implement a temporary fix by building from source, as detailed in a write-up.