CVE-2026-21726 | Grafana Loki up to 3.5.8 Ruler API Endpoint /loki/api/v1/rules/ namespace path traversal

A vulnerability described as critical has been identified in Grafana Loki up to 3.5.8. This affects an unknown function of the file /loki/api/v1/rules/ of the component Ruler API Endpoint. Executing a manipulation of the argument namespace can lead to path traversal.

This vulnerability appears as CVE-2026-21726. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More