6.5

CVE-2026-33375

Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GrafanaGrafana SwEdition- Version >= 11.6.0 < 11.6.14
GrafanaGrafana SwEdition- Version >= 12.1.0 < 12.1.10
GrafanaGrafana SwEdition- Version >= 12.2.0 < 12.2.8
GrafanaGrafana SwEdition- Version >= 12.3.0 < 12.3.6
GrafanaGrafana SwEdition- Version >= 12.4.0 < 12.4.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@grafana.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.