Grafana

Grafana

119 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.26%
  • Veröffentlicht 13.05.2026 19:28:32
  • Zuletzt bearbeitet 16.06.2026 19:33:18

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

  • EPSS 0.25%
  • Veröffentlicht 13.05.2026 19:28:31
  • Zuletzt bearbeitet 16.06.2026 19:28:22

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

  • EPSS 0.23%
  • Veröffentlicht 13.05.2026 19:28:28
  • Zuletzt bearbeitet 02.06.2026 19:28:40

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

  • EPSS 0.33%
  • Veröffentlicht 13.05.2026 19:28:26
  • Zuletzt bearbeitet 18.05.2026 14:57:04

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger ...

  • EPSS 0.26%
  • Veröffentlicht 13.05.2026 19:28:25
  • Zuletzt bearbeitet 02.06.2026 19:28:59

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafan...

  • EPSS 0.2%
  • Veröffentlicht 15.04.2026 18:57:25
  • Zuletzt bearbeitet 20.04.2026 20:08:04

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cv...

  • EPSS 0.26%
  • Veröffentlicht 15.04.2026 14:59:41
  • Zuletzt bearbeitet 20.04.2026 20:16:40

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which i...

  • EPSS 0.38%
  • Veröffentlicht 27.03.2026 14:28:56
  • Zuletzt bearbeitet 31.03.2026 18:56:31

A resample query can be used to trigger out-of-memory crashes in Grafana.

  • EPSS 0.38%
  • Veröffentlicht 27.03.2026 14:26:19
  • Zuletzt bearbeitet 31.03.2026 18:15:45

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Medienbericht
  • EPSS 1.93%
  • Veröffentlicht 27.03.2026 14:24:36
  • Zuletzt bearbeitet 27.06.2026 05:16:43

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vecto...