CVE-2026-28378
CVE-2026-28378 is a low-severity vulnerability with a CVSS 3.x base score of 3.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Low (CVSS 3.x base score 3.1)
- EPSS exploit prediction: 0% (4th percentile)
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.
Frequently asked questions
- What is CVE-2026-28378?
- The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.
- How severe is CVE-2026-28378?
- CVE-2026-28378 has a CVSS 3.x base score of 3.1, rated low severity. It is exploitable over network with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2026-28378 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (4th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-28378?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-28378 published?
- CVE-2026-28378 was published on 2026-07-07 and last updated on 2026-07-08.