CVE-2026-28376
- EPSS 0.04%
- Published 13.05.2026 19:28:26
- Last modified 15.05.2026 18:37:42
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger ...
CVE-2026-28379
- EPSS 0.04%
- Published 13.05.2026 19:28:25
- Last modified 14.05.2026 19:16:31
A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafan...
CVE-2026-21727
- EPSS 0.02%
- Published 15.04.2026 18:57:25
- Last modified 20.04.2026 20:08:04
Cross-Tenant Legacy Correlation Disclosure and Deletion. Date: 2026-01-29. Product: Grafana. Severity: Low. ...
CVE-2025-12141
- EPSS 0.06%
- Published 15.04.2026 14:59:41
- Last modified 20.04.2026 20:16:40
In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which i...
CVE-2026-27879
- EPSS 0.03%
- Published 27.03.2026 14:28:56
- Last modified 31.03.2026 18:56:31
A resample query can be used to trigger out-of-memory crashes in Grafana.
CVE-2026-28375
- EPSS 0.03%
- Published 27.03.2026 14:26:19
- Last modified 31.03.2026 18:15:45
A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
CVE-2026-27876
- EPSS 0.18%
- Published 27.03.2026 14:24:36
- Last modified 02.04.2026 16:16:21
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vecto...
CVE-2026-27880
- EPSS 0.04%
- Published 27.03.2026 14:12:20
- Last modified 10.05.2026 14:16:48
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
CVE-2026-27877
- EPSS 0.02%
- Published 27.03.2026 14:02:11
- Last modified 10.05.2026 14:16:48
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to prox...
CVE-2026-21724
- EPSS 0.02%
- Published 26.03.2026 20:06:18
- Last modified 14.04.2026 01:00:10
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write ...