This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Sick Ag
  • Incoming Goods Suite

No data.

No data.

References

No reference.

History

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same organization as the Organization administrator Impact: - Organization administrators can permanently delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sick Ag
Sick Ag incoming Goods Suite
Vendors & Products Sick Ag
Sick Ag incoming Goods Suite

Thu, 15 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 15 Jan 2026 13:45:00 +0000

Type Values Removed Values Added
Description An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same organization as the Organization administrator Impact: - Organization administrators can permanently delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H'}
cve-icon MITRE

Status: REJECTED

Assigner: SICK AG

Published:

Updated: 2026-01-22T17:05:31.568Z

Reserved: 2026-01-08T09:59:06.198Z

Link: CVE-2026-22640

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-01-15T14:16:27.607

Modified: 2026-01-22T17:16:36.570

Link: CVE-2026-22640

cve-icon Redhat

No data.