A vulnerability, which was classified as problematic, has been found in Grafana oncall up to 1.16.11. This impacts an unknown function of the component Internal Plugin Install Endpoint. This manipulation of the argument org_id causes open redirect. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is tracked as CVE-2026-63087. The attack is possible to be carried out remotely. No exploit exists.