Grafana

Grafana

117 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.23%
  • Veröffentlicht 13.05.2026 19:28:28
  • Zuletzt bearbeitet 02.06.2026 19:28:40

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

  • EPSS 0.33%
  • Veröffentlicht 13.05.2026 19:28:26
  • Zuletzt bearbeitet 18.05.2026 14:57:04

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger ...

  • EPSS 0.26%
  • Veröffentlicht 13.05.2026 19:28:25
  • Zuletzt bearbeitet 02.06.2026 19:28:59

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafan...

  • EPSS 0.2%
  • Veröffentlicht 15.04.2026 18:57:25
  • Zuletzt bearbeitet 20.04.2026 20:08:04

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cv...

  • EPSS 0.26%
  • Veröffentlicht 15.04.2026 14:59:41
  • Zuletzt bearbeitet 20.04.2026 20:16:40

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which i...

  • EPSS 0.38%
  • Veröffentlicht 27.03.2026 14:28:56
  • Zuletzt bearbeitet 31.03.2026 18:56:31

A resample query can be used to trigger out-of-memory crashes in Grafana.

  • EPSS 0.38%
  • Veröffentlicht 27.03.2026 14:26:19
  • Zuletzt bearbeitet 31.03.2026 18:15:45

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Medienbericht
  • EPSS 1.93%
  • Veröffentlicht 27.03.2026 14:24:36
  • Zuletzt bearbeitet 27.06.2026 05:16:43

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vecto...

Medienbericht
  • EPSS 0.77%
  • Veröffentlicht 27.03.2026 14:12:20
  • Zuletzt bearbeitet 30.06.2026 03:17:59

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

  • EPSS 0.31%
  • Veröffentlicht 27.03.2026 14:02:11
  • Zuletzt bearbeitet 30.06.2026 03:17:59

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to prox...