Description:
This update for grafana to version 11.6.14+security01 fixes the following issues:
- Security Fixes:
  - CVE-2026-34986: Fixed unrecoverable error in JWE decryption that could lead to a denial of service (bsc#1262950)
  - CVE-2026-41602: Fixed Integer Overflow or Wraparound vulnerability in Apache Thrift (bsc#1263501)
  - CVE-2026-26958: Ensure that MultiScalarMult properly handles initialization and produces correct results (bsc#1258595)
  - CVE-2026-21725: Fixed missing UID when deleting datasource by name (bsc#1258873)
  - CVE-2026-33375: Fixed denial of service via out-of-memory exhaustion in MSSQL data source plugin (bsc#1260881)
  - CVE-2026-27876: Fixed remote arbitrary code execution via chained SQL Expressions (bsc#1261025)
  - CVE-2026-27877: Fixed information disclosure of data-source passwords via public dashboards (bsc#1261026)
  - CVE-2026-28375: Fixed denial of service via testdata data-source (bsc#1261029)
  - CVE-2026-27879: Fixed denial of service via resample query (bsc#1261027)
  - CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260263)
  - CVE-2026-21724: Fixed authorization bypass that allows modification of protected webhook URLs (bsc#1260878)
- Highlights of other changes and bug fixes:
  - Version 11.6.13:
    - Wire the public dashboard service to the HTTP server
  - Version 11.6.12:
    - Update authentication redirect logic
    - Fixed single panel render with variable references