Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    80 vulnerabilities

    CVE-2026-8595 (GCVE-0-2026-8595)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:59 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Stored XSS in the table panel (TableNG)
    Summary
    A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    avamost369 (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:59:08.422134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T15:59:19.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "avamost369 (Researcher)"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:49.902Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-8595"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Stored XSS in the table panel (TableNG)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-8595",
        "datePublished": "2026-07-10T14:59:35.891Z",
        "dateReserved": "2026-05-14T12:50:43.291Z",
        "dateUpdated": "2026-07-10T18:44:49.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8609 (GCVE-0-2026-8609)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:58 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Pre-authentication denial of service via the OAuth login route
    Summary
    An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    cyberjoker (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:53:40.169487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T15:53:51.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "cyberjoker (Researcher)"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker can repeatedly call Grafana\u0027s OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:43.842Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-8609"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Pre-authentication denial of service via the OAuth login route",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-8609",
        "datePublished": "2026-07-10T14:58:33.522Z",
        "dateReserved": "2026-05-14T16:01:42.297Z",
        "dateUpdated": "2026-07-10T18:44:43.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33382 (GCVE-0-2026-33382)

    Vulnerability from cvelistv5 – Published: 2026-07-10 14:58 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Denial of service via unbounded request body size
    Summary
    Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33382",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:59:38.846803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T15:59:43.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:42.333Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33382"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "Denial of service via unbounded request body size",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33382",
        "datePublished": "2026-07-10T14:58:23.329Z",
        "dateReserved": "2026-03-19T07:55:06.978Z",
        "dateUpdated": "2026-07-10T18:44:42.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28378 (GCVE-0-2026-28378)

    Vulnerability from cvelistv5 – Published: 2026-07-07 21:08 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Cross-Organization Public Dashboard Deletion via Missing Org Isolation
    Summary
    The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Enterprise Affected: 11.6.0 , ≤ 11.6.13 (semver)
    Affected: 12.1.0 , ≤ 12.1.9 (semver)
    Affected: 12.2.0 , ≤ 12.2.7 (semver)
    Affected: 12.3.0 , ≤ 12.3.5 (semver)
    Affected: 12.4.0 , ≤ 12.4.1 (semver)
    Create a notification for this product.
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.13 (semver)
    Affected: 12.1.0 , ≤ 12.1.9 (semver)
    Affected: 12.2.0 , ≤ 12.2.7 (semver)
    Affected: 12.3.0 , ≤ 12.3.5 (semver)
    Affected: 12.4.0 , ≤ 12.4.1 (semver)
    Create a notification for this product.
    Date Public
    2026-03-24 15:50
    Credits
    rpgsec (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:50:28.034051Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T15:38:39.070Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana Enterprise",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.13",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.7",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.5",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.1",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.13",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.7",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.5",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.1",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "rpgsec (Researcher)"
            }
          ],
          "datePublic": "2026-03-24T15:50:26.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard\u0027s identifiers."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:39.308Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28378"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Cross-Organization Public Dashboard Deletion via Missing Org Isolation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28378",
        "datePublished": "2026-07-07T21:08:04.579Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:39.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42127 (GCVE-0-2026-42127)

    Vulnerability from cvelistv5 – Published: 2026-06-22 16:31 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Pre-authentication denial of service in the public dashboard query endpoint
    Summary
    The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Enterprise Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    Charlie Lewis
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:28:16.184877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:28:35.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana Enterprise",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Charlie Lewis"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:46.891Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-42127"
            }
          ],
          "source": {
            "discovery": "EXTERNAL_REPORT"
          },
          "title": "Pre-authentication denial of service in the public dashboard query endpoint",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-42127",
        "datePublished": "2026-06-22T16:31:28.096Z",
        "dateReserved": "2026-04-24T15:38:08.066Z",
        "dateUpdated": "2026-07-10T18:44:46.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28381 (GCVE-0-2026-28381)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:20 – Updated: 2026-06-24 15:58
    VLAI
    Title
    Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT
    Summary
    The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Snowflake Datasource Affected: 1.14.7 , ≤ 1.14.12 (semver)
    Create a notification for this product.
    Date Public
    2026-05-15 17:00
    Credits
    stargravy (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:43:02.758856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:58:25.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Snowflake Datasource",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "1.14.12",
                  "status": "affected",
                  "version": "1.14.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "stargravy (Researcher)"
            }
          ],
          "datePublic": "2026-05-15T17:00:39.039Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:20:29.440Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28381"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28381",
        "datePublished": "2026-06-22T13:20:29.440Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-06-24T15:58:25.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9029 (GCVE-0-2026-9029)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:18 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Stored XSS in the Geomap panel tile-layer attribution
    Summary
    A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard (stored cross-site scripting).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    trailerb18 (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T03:55:45.644989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:55:58.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "trailerb18 (Researcher)"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel\u0027s XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard (stored cross-site scripting)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:40.804Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-9029"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Stored XSS in the Geomap panel tile-layer attribution",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-9029",
        "datePublished": "2026-06-22T13:18:40.770Z",
        "dateReserved": "2026-05-19T15:28:45.662Z",
        "dateUpdated": "2026-07-10T18:44:40.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10601 (GCVE-0-2026-10601)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:18 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Path traversal in the Tempo and Loki data source plugins
    Summary
    A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    homb (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:44:03.006985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:54:19.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "homb (Researcher)"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:38.226Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-10601"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Path traversal in the Tempo and Loki data source plugins",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-10601",
        "datePublished": "2026-06-22T13:18:31.531Z",
        "dateReserved": "2026-06-02T09:57:26.570Z",
        "dateUpdated": "2026-07-10T18:44:38.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42129 (GCVE-0-2026-42129)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:18 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Path traversal in the Loki data source plugin
    Summary
    A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 12.2.0 , ≤ 12.2.8 (semver)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    khanmarshal (Researcher)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42129",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:44:32.401117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:56:38.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "khanmarshal (Researcher)"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:49.423Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-42129"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Path traversal in the Loki data source plugin",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-42129",
        "datePublished": "2026-06-22T13:18:27.365Z",
        "dateReserved": "2026-04-24T15:38:08.067Z",
        "dateUpdated": "2026-07-10T18:44:49.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27878 (GCVE-0-2026-27878)

    Vulnerability from cvelistv5 – Published: 2026-06-19 19:02 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Tempo TraceQL query with exemplar hint could result in unbounded memory usage
    Summary
    A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Enterprise Traces (GET) Affected: 2.6.1 , < 2.8.8 (semver)
    Create a notification for this product.
    Grafana Tempo Affected: 2.6.0 , < 2.10.2 (semver)
    Create a notification for this product.
    Date Public
    2026-03-23 19:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:09:51.414285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T12:14:04.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Traces (GET)",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "2.8.8",
                  "status": "affected",
                  "version": "2.6.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Tempo",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "2.10.2",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-23T19:28:24.658Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:36.230Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-27878"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "Tempo TraceQL query with exemplar hint could result in unbounded memory usage",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-27878",
        "datePublished": "2026-06-19T19:02:27.028Z",
        "dateReserved": "2026-02-24T14:30:17.726Z",
        "dateUpdated": "2026-07-10T18:44:36.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11769 (GCVE-0-2026-11769)

    Vulnerability from cvelistv5 – Published: 2026-06-13 04:17 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Operator - Namespaced User Path Traversal
    Summary
    We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. ### Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod. ### Impact It is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager. ### Affected versions All Grafana Operator versions <= 5.23 ### Solutions and mitigations All installations should be upgraded as soon as possible. As a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicy metadata: name: "prevent-jsonnet-dashboards" spec: failurePolicy: Fail matchConstraints: resourceRules: - apiGroups: ["grafana.integreatly.org"] apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE"] resources: ["grafanadashboards", "grafanalibrarypanels"] validations: - expression: "!has(object.spec.jsonnetLib)" --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicyBinding metadata: name: "prevent-jsonnet-dashboards-clusterwide" spec: policyName: "prevent-jsonnet-dashboards" validationActions: [Deny] ### Acknowledgement We would like to thank Artem Cherezov for responsibly disclosing the vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Operator Affected: 0 , ≤ 5.23.0 (semver)
    Create a notification for this product.
    Date Public
    2026-07-09 11:17
    Credits
    cherez0ff
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11769",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T17:24:16.248300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T12:01:19.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana Operator",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "5.23.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "cherez0ff"
            }
          ],
          "datePublic": "2026-07-09T11:17:29.029Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.\n\n\n### Summary\n\nThe Grafana Operator supports loading dashboards \u0026 library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod.\n\n\n### Impact\n\nIt is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.\n\n### Affected versions\n\nAll Grafana Operator versions \u003c= 5.23\n\n### Solutions and mitigations\n\nAll installations should be upgraded as soon as possible.\n\nAs a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources:\n\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicy\nmetadata:\n  name: \"prevent-jsonnet-dashboards\"\nspec:\n  failurePolicy: Fail\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"grafana.integreatly.org\"]\n        apiVersions: [\"v1beta1\"]\n        operations: [\"CREATE\", \"UPDATE\"]\n        resources: [\"grafanadashboards\", \"grafanalibrarypanels\"]\n  validations:\n    - expression: \"!has(object.spec.jsonnetLib)\"\n---\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicyBinding\nmetadata:\n  name: \"prevent-jsonnet-dashboards-clusterwide\"\nspec:\n  policyName: \"prevent-jsonnet-dashboards\"\n  validationActions: [Deny]\n\n\n\n### Acknowledgement\n\nWe would like to thank Artem Cherezov for responsibly disclosing the vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:50.920Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-11769"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Operator - Namespaced User Path Traversal",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-11769",
        "datePublished": "2026-06-13T04:17:41.099Z",
        "dateReserved": "2026-06-09T10:52:06.229Z",
        "dateUpdated": "2026-07-10T18:44:50.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28374 (GCVE-0-2026-28374)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    IDOR in Annotations API allows unprivileged users to DELETE annotation
    Summary
    Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 8.5.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:32:58.713813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:33:13.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:48.442Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28374"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "IDOR in Annotations API allows unprivileged users to DELETE annotation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28374",
        "datePublished": "2026-05-13T19:28:40.053Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:48.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33378 (GCVE-0-2026-33378)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
    Summary
    Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 8.0.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:33:44.094482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:33:58.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:45.374Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33378"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33378",
        "datePublished": "2026-05-13T19:28:37.606Z",
        "dateReserved": "2026-03-19T07:55:06.977Z",
        "dateUpdated": "2026-07-10T18:44:45.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28383 (GCVE-0-2026-28383)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Grafana plugin resources can lead to unbounded memory allocation
    Summary
    A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 6.7.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T12:35:48.301448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T12:36:22.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:35.227Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28383"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Grafana plugin resources can lead to unbounded memory allocation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28383",
        "datePublished": "2026-05-13T19:28:36.952Z",
        "dateReserved": "2026-02-27T07:16:12.219Z",
        "dateUpdated": "2026-07-10T18:44:35.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33376 (GCVE-0-2026-33376)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Auth Proxy IPv6 whitelist bypass
    Summary
    When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Initialization of a Resource with an Insecure Default
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 9.4.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1188",
                    "description": "CWE-1188 Initialization of a Resource with an Insecure Default",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:56:01.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:47.940Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33376"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Auth Proxy IPv6 whitelist bypass",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33376",
        "datePublished": "2026-05-13T19:28:34.473Z",
        "dateReserved": "2026-03-19T07:55:06.977Z",
        "dateUpdated": "2026-07-10T18:44:47.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33380 (GCVE-0-2026-33380)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    SQL Expressions Read File From Disk
    Summary
    A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 11.6.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T15:12:34.365612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-552",
                    "description": "CWE-552 Files or Directories Accessible to External Parties",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T15:12:46.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server\u0027s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:35.715Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33380"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "SQL Expressions Read File From Disk",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33380",
        "datePublished": "2026-05-13T19:28:32.915Z",
        "dateReserved": "2026-03-19T07:55:06.978Z",
        "dateUpdated": "2026-07-10T18:44:35.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28380 (GCVE-0-2026-28380)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
    Summary
    Any Editor could delete any snapshot, even if they have no access to read or write them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 9.4.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T15:54:58.435055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T15:55:03.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Any Editor could delete any snapshot, even if they have no access to read or write them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:39.792Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28380"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "BAC in Snapshot API allows deletion of unauthorized dashboard snapshots",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28380",
        "datePublished": "2026-05-13T19:28:32.257Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:39.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33381 (GCVE-0-2026-33381)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Users can generate Service Account tokens after permissions removal
    Summary
    When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 9.2.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:55:59.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When a user\u0027s access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:34.730Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33381"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Users can generate Service Account tokens after permissions removal",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33381",
        "datePublished": "2026-05-13T19:28:31.559Z",
        "dateReserved": "2026-03-19T07:55:06.978Z",
        "dateUpdated": "2026-07-10T18:44:34.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33377 (GCVE-0-2026-33377)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
    Summary
    An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 8.5.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-16T03:55:59.661383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T18:33:09.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:41.307Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-33377"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Dashboard Import Overwrites ACL \u2014 Editor Privilege Escalation to Dashboard Admin",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-33377",
        "datePublished": "2026-05-13T19:28:28.154Z",
        "dateReserved": "2026-03-19T07:55:06.977Z",
        "dateUpdated": "2026-07-10T18:44:41.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28376 (GCVE-0-2026-28376)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Grafana Live push endpoint allows unbounded memory allocation leading to OOM
    Summary
    The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 8.0.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T18:10:50.762919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T18:10:54.005Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:37.728Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28376"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Grafana Live push endpoint allows unbounded memory allocation leading to OOM",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28376",
        "datePublished": "2026-05-13T19:28:26.544Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:37.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28379 (GCVE-0-2026-28379)

    Vulnerability from cvelistv5 – Published: 2026-05-13 19:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Viewer-triggered race condition in Grafana Live leads to complete server crash
    Summary
    A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana OSS Affected: 8.2.0 , ≤ 11.6.14 (semver)
    Affected: 11.6.14 , < 11.6.14+security-04 (custom)
    Affected: 12.0.0 , ≤ 12.2.8 (semver)
    Affected: 12.2.8 , < 12.2.8+security-04 (custom)
    Affected: 12.3.0 , ≤ 12.3.6 (semver)
    Affected: 12.3.6 , < 12.3.6+security-04 (custom)
    Affected: 12.4.0 , ≤ 12.4.3 (semver)
    Affected: 12.4.3 , < 12.4.3+security-02 (custom)
    Affected: 13.0.0 , ≤ 13.0.1 (semver)
    Affected: 13.0.1 , < 13.0.1+security-01 (custom)
    Create a notification for this product.
    Date Public
    2026-05-13 07:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T18:12:23.118907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T18:12:49.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana OSS",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.14",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.6.14+security-04",
                  "status": "affected",
                  "version": "11.6.14",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.2.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8+security-04",
                  "status": "affected",
                  "version": "12.2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6+security-04",
                  "status": "affected",
                  "version": "12.3.6",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.4.3",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.3+security-02",
                  "status": "affected",
                  "version": "12.4.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "13.0.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.0.1+security-01",
                  "status": "affected",
                  "version": "13.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-05-13T07:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:45.890Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28379"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Viewer-triggered race condition in Grafana Live leads to complete server crash",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28379",
        "datePublished": "2026-05-13T19:28:25.836Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:45.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21728 (GCVE-0-2026-21728)

    Vulnerability from cvelistv5 – Published: 2026-04-24 08:00 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Tempo query limit results in unbounded memory allocation
    Summary
    Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Tempo Affected: v1.3.0 , < v2.11.0 (semver)
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.3.4     cpe:/a:redhat:multicluster_globalhub:1.3::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.4.5     cpe:/a:redhat:multicluster_globalhub:1.4::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.5.4     cpe:/a:redhat:multicluster_globalhub:1.5::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.6.2     cpe:/a:redhat:multicluster_globalhub:1.6::el9
    Create a notification for this product.
    Red Hat Multicluster Global Hub 1.7.1     cpe:/a:redhat:multicluster_globalhub:1.7::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:6
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2026-02-23 07:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T11:29:58.649315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T13:06:58.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.4.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.5.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.6.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.7.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-24T08:00:47.074Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:48.938Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-21728"
              },
              {
                "name": "RHBZ#2461395",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21728.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22423"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22347"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21769"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23345"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24503"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24503: Multicluster Global Hub 1.7.1"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-24T09:00:58.144Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-24T08:00:47.074Z",
                "value": "Made public."
              }
            ],
            "title": "grafana/tempo: Tempo: Denial of Service via large queries",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tempo",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "v2.11.0",
                  "status": "affected",
                  "version": "v1.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-23T07:40:45.862Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.\n\nMitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:41.822Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-21728"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "Tempo query limit results in unbounded memory allocation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-21728",
        "datePublished": "2026-04-24T08:00:47.074Z",
        "dateReserved": "2026-01-05T09:26:06.215Z",
        "dateUpdated": "2026-07-10T18:44:41.822Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21726 (GCVE-0-2026-21726)

    Vulnerability from cvelistv5 – Published: 2026-04-15 19:24 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Loki Path Traversal - CVE-2021-36156 Bypass
    Summary
    The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace} Thanks to Prasanth Sundararajan for reporting this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Loki Affected: 2.3.0 , < 3.5.9 (semver)
    Create a notification for this product.
    Date Public
    2026-04-15 19:20
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21726",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T20:01:24.769436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T18:58:17.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Loki",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "3.5.9",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-15T19:20:00.780Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}\n\nThanks to Prasanth Sundararajan for reporting this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:37.222Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-21726"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Loki Path Traversal - CVE-2021-36156 Bypass",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-21726",
        "datePublished": "2026-04-15T19:24:31.268Z",
        "dateReserved": "2026-01-05T09:26:06.215Z",
        "dateUpdated": "2026-07-10T18:44:37.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41118 (GCVE-0-2025-41118)

    Vulnerability from cvelistv5 – Published: 2026-04-15 19:15 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
    Summary
    Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems. This vulnerability is fixed in versions: 1.15.x: 1.15.2 and above. 1.16.x: 1.16.1 and above. 1.17.x: 1.17.0 and above (i.e. all versions). Thanks to Théo Cusnir for reporting this vulnerability to us via our bug bounty program.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    Date Public
    2026-04-15 19:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T19:32:43.403162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T19:00:12.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.7.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-15T19:15:17.689Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Pyroscope. When Tencent Cloud Object Storage (COS) is configured as the storage backend, an attacker with access to the Pyroscope API can extract the `secret_key` value in plaintext. This issue leads to sensitive information disclosure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:20.652Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-41118"
              },
              {
                "name": "RHBZ#2458796",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458796"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-41118.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24503"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:24503: Multicluster Global Hub 1.7.1"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-15T20:02:03.347Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-15T19:15:17.689Z",
                "value": "Made public."
              }
            ],
            "title": "pyroscope: sensitive COS SecretKey exposed in plaintext via configuration API due to missing type protection",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, limit network exposure of the Pyroscope API so it is only accessible by trusted users on the internal network."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pyroscope",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-15T19:12:08.514Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS).\n\nIf the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API.\n\nTo exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, such that they are only accessible by trusted users or internal systems.\n\nThis vulnerability is fixed in versions:\n\n1.15.x: 1.15.2 and above.\n1.16.x: 1.16.1 and above.\n1.17.x: 1.17.0 and above (i.e. all versions).\n\nThanks to Th\u00e9o Cusnir for reporting this vulnerability to us via our bug bounty program."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:33.608Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2025-41118"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2025-41118",
        "datePublished": "2026-04-15T19:15:17.689Z",
        "dateReserved": "2025-04-16T09:19:26.443Z",
        "dateUpdated": "2026-07-10T18:44:33.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21727 (GCVE-0-2026-21727)

    Vulnerability from cvelistv5 – Published: 2026-04-15 18:57 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record
    Summary
    --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvss_score: "3.3" cvss_vector: "CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" fixed_versions: - ">=11.6.11 >=12.0.9 >=12.1.6 >=12.2.4" --- A cross-tenant isolation vulnerability was found in Grafana’s Correlations feature affecting legacy correlation records. Due to a backward compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in >=11.6.11, >=12.0.9, >=12.1.6, and >=12.2.4. Thanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Correlations Affected: 10.2.0 , < 12.4.0 (semver)
    Create a notification for this product.
    Date Public
    2026-04-15 18:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T19:56:51.668906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T18:59:38.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana Correlations",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "12.4.0",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-04-15T18:52:20.510Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "---\ntitle: Cross-Tenant Legacy Correlation Disclosure and Deletion\ndraft: false\nhero:\n  image: /static/img/heros/hero-legal2.svg\n  content: \"# Cross-Tenant Legacy Correlation Disclosure and Deletion\"\ndate: 2026-01-29\nproduct: Grafana\nseverity: Low\ncve: CVE-2026-21727\ncvss_score: \"3.3\"\ncvss_vector: \"CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N\"\nfixed_versions:\n  - \"\u003e=11.6.11 \u003e=12.0.9 \u003e=12.1.6 \u003e=12.2.4\"\n---\nA cross-tenant isolation vulnerability was found in Grafana\u2019s Correlations feature affecting legacy correlation records. Due to a backward compatibility condition allowing org_id = 0 records to be returned across organizations, a user with datasource management privileges could read and permanently delete legacy correlation data belonging to another organization. This issue affects correlations created prior to Grafana 10.2 and is fixed in \u003e=11.6.11, \u003e=12.0.9, \u003e=12.1.6, and \u003e=12.2.4.\n\nThanks to Gyu-hyeok Lee (g2h) for reporting this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:44.835Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-21727"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-21727",
        "datePublished": "2026-04-15T18:57:25.185Z",
        "dateReserved": "2026-01-05T09:26:06.215Z",
        "dateUpdated": "2026-07-10T18:44:44.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12141 (GCVE-0-2025-12141)

    Vulnerability from cvelistv5 – Published: 2026-04-15 14:59 – Updated: 2026-04-15 18:45
    VLAI
    Title
    Grafana Alerting Editors can edit destination of webhooks they did not create
    Summary
    In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Grafana Grafana Alerting Affected: 8.0.0 , ≤ 12.3.0 (semver)
    Create a notification for this product.
    Date Public
    2025-12-16 20:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T18:45:45.527327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T18:45:53.672Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana Alerting",
              "repo": "https://github.com/grafana/grafana",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThanOrEqual": "12.3.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-12-16T20:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eIn Grafana\u0027s alerting system, users with edit permissions for a contact point, specifically the permissions \u201calert.notifications:write\u201d or \u201calert.notifications.receivers:test\u201d that are granted as part of the fixed role \"Contact Point Writer\", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations.\u003c/span\u003e"
                }
              ],
              "value": "In Grafana\u0027s alerting system, users with edit permissions for a contact point, specifically the permissions \u201calert.notifications:write\u201d or \u201calert.notifications.receivers:test\u201d that are granted as part of the fixed role \"Contact Point Writer\", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials for third-party services (e.g., Slack tokens). This leads to unauthorized access and potential compromise of external integrations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/S:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T14:59:41.317Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "url": "https://grafana.com/security/security-advisories/cve-2025-12141/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Grafana Alerting Editors can edit destination of webhooks they did not create",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2025-12141",
        "datePublished": "2026-04-15T14:59:41.317Z",
        "dateReserved": "2025-10-24T07:07:00.941Z",
        "dateUpdated": "2026-04-15T18:45:53.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27879 (GCVE-0-2026-27879)

    Vulnerability from cvelistv5 – Published: 2026-03-27 14:28 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Query resampling can cause unbounded memory allocations
    Summary
    A resample query can be used to trigger out-of-memory crashes in Grafana.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Affected: 8.0.0 , < 11.6.14 (semver)
    Affected: 12.0.0 , < 12.1.10 (semver)
    Affected: 12.2.0 , < 12.2.8 (semver)
    Affected: 12.3.0 , < 12.3.6 (semver)
    Affected: 12.4.0 , < 12.4.2 (semver)
    Create a notification for this product.
    Date Public
    2026-03-27 14:26
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T15:02:56.347770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T15:02:59.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "11.6.14",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.1.10",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.2",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-27T14:26:32.584Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A resample query can be used to trigger out-of-memory crashes in Grafana."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:47.394Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-27879"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "Query resampling can cause unbounded memory allocations",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-27879",
        "datePublished": "2026-03-27T14:28:56.133Z",
        "dateReserved": "2026-02-24T14:30:17.727Z",
        "dateUpdated": "2026-07-10T18:44:47.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28375 (GCVE-0-2026-28375)

    Vulnerability from cvelistv5 – Published: 2026-03-27 14:26 – Updated: 2026-07-10 18:44
    VLAI
    Title
    Grafana Testdata datasource can issue unbounded memory allocations
    Summary
    A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Grafana Grafana Affected: 8.1.0 , < 11.6.14 (semver)
    Affected: 12.0.0 , < 12.1.10 (semver)
    Affected: 12.2.0 , < 12.2.8 (semver)
    Affected: 12.3.0 , < 12.3.6 (semver)
    Affected: 12.4.0 , < 12.4.2 (semver)
    Create a notification for this product.
    Date Public
    2026-03-27 14:23
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T15:00:57.773116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T15:01:14.243Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "11.6.14",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.1.10",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.2",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-27T14:23:47.094Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A testdata data-source can be used to trigger out-of-memory crashes in Grafana."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:46.401Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-28375"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "Grafana Testdata datasource can issue unbounded memory allocations",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-28375",
        "datePublished": "2026-03-27T14:26:19.270Z",
        "dateReserved": "2026-02-27T07:16:12.218Z",
        "dateUpdated": "2026-07-10T18:44:46.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27876 (GCVE-0-2026-27876)

    Vulnerability from cvelistv5 – Published: 2026-03-27 14:24 – Updated: 2026-07-10 18:44
    VLAI
    Title
    RCE on Grafana via sqlExpressions
    Summary
    A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. Only instances in the following version ranges are affected: - 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected. - 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not receive an update, as it is end-of-life. - 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix. - 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix. - 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix. 13.0.0 and above also have the fix: no v13 release is affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Grafana Grafana Affected: 11.6.0 , < 11.6.14 (semver)
    Affected: 12.0.0 , < 12.1.10 (semver)
    Affected: 12.2.0 , < 12.2.8 (semver)
    Affected: 12.3.0 , < 12.3.6 (semver)
    Affected: 12.4.0 , < 12.4.2 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2026-03-27 14:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-28T03:55:48.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-27T14:24:36.771Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Grafana and the Grafana Enterprise plugin. A remote attacker could exploit a chained attack involving SQL Expressions and the Grafana Enterprise plugin to achieve remote arbitrary code execution. This vulnerability is present in instances where the `sqlExpressions` feature toggle is enabled, allowing an attacker to execute unauthorized commands on the system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Critical"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:05:51.689Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-27876"
              },
              {
                "name": "RHBZ#2452277",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452277"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27876.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-27T15:02:27.980Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-27T14:24:36.771Z",
                "value": "Made public."
              }
            ],
            "title": "grafana: grafana-enterprise-plugin: Grafana: Remote arbitrary code execution via chained SQL Expressions and Enterprise plugin attack",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "11.6.14",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.1.10",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.2.8",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.3.6",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.2",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-27T14:21:53.858Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path.\n\nOnly instances with the sqlExpressions feature toggle enabled are vulnerable.\n\nOnly instances in the following version ranges are affected:\n\n- 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected.\n- 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not receive an update, as it is end-of-life.\n- 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix.\n- 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix.\n- 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix. 13.0.0 and above also have the fix: no v13 release is affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:51.435Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-27876"
            }
          ],
          "source": {
            "discovery": "BUG_BOUNTY"
          },
          "title": "RCE on Grafana via sqlExpressions",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-27876",
        "datePublished": "2026-03-27T14:24:36.771Z",
        "dateReserved": "2026-02-24T14:30:17.726Z",
        "dateUpdated": "2026-07-10T18:44:51.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27880 (GCVE-0-2026-27880)

    Vulnerability from cvelistv5 – Published: 2026-03-27 14:12 – Updated: 2026-07-10 18:44
    VLAI
    Title
    OpenFeature evaluation API reads input data with no bounds
    Summary
    The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Grafana Grafana Affected: v12.1.0 , < v12.1.10 (semver)
    Affected: v12.2.0 , < v12.2.8 (semver)
    Affected: v12.3.0 , < v12.3.6 (semver)
    Affected: v12.4.0 , < v12.4.2 (semver)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2026-03-27 14:08
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27880",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T14:43:21.670196Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T13:56:28.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "broken-link"
                ],
                "url": "https://grafana.com/security/security-advisories/cve-2026-27880"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-27T14:12:20.075Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service (DoS) for the affected service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:03.581Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-27880"
              },
              {
                "name": "RHBZ#2452295",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452295"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27880.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-27T15:03:43.019Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-27T14:12:20.075Z",
                "value": "Made public."
              }
            ],
            "title": "Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Grafana",
              "vendor": "Grafana",
              "versions": [
                {
                  "lessThan": "v12.1.10",
                  "status": "affected",
                  "version": "v12.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "v12.2.8",
                  "status": "affected",
                  "version": "v12.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "v12.3.6",
                  "status": "affected",
                  "version": "v12.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "v12.4.2",
                  "status": "affected",
                  "version": "v12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-03-27T14:08:45.874Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:44:51.954Z",
            "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
            "shortName": "GRAFANA"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://grafana.com/security/security-advisories/cve-2026-27880"
            }
          ],
          "source": {
            "discovery": "INTERNAL_FINDING"
          },
          "title": "OpenFeature evaluation API reads input data with no bounds",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "assignerShortName": "GRAFANA",
        "cveId": "CVE-2026-27880",
        "datePublished": "2026-03-27T14:12:20.075Z",
        "dateReserved": "2026-02-24T14:30:17.727Z",
        "dateUpdated": "2026-07-10T18:44:51.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }