Author: Vardan Torosyan
Word count: 787
Language: English

Summary

Grafana has released version 9.1.6, which addresses two moderate-severity security vulnerabilities, CVE-2022-35957 and CVE-2022-36062, both involving privilege escalation in Grafana Auth Proxy and role-based access control (RBAC). CVE-2022-36062 allowed users with the Editor or Viewer role to access folders or dashboards restricted to Admins, and CVE-2022-35957 allowed an Admin to escalate to Server Admin through Auth Proxy. The same fixes are included in the patch releases Grafana 9.0.9 and 8.5.13, and have also been applied to Grafana Cloud. Users are advised to upgrade their instances, or to apply alternative mitigations if upgrading is not feasible. Security issues can be reported to Grafana; details are available on its security blog and RSS feed.