grafana

Top products

The 15 most recently published vulnerabilities affecting grafana.

• CVE-2026-42127Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler7.5Jun 22, 2026
• CVE-2026-28381Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT9.6Jun 22, 2026
• CVE-2026-9029Stored XSS via Geomap Panel Template Variable Attribution Injection7.3Jun 22, 2026
• CVE-2026-10601Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access5.4Jun 22, 2026
• CVE-2026-42129Path Traversal in Loki Datasource leads to Internal Information Disclosure7.7Jun 22, 2026
• CVE-2026-27878Tempo TraceQL query with exemplar hint could result in unbounded memory usage6.5Jun 19, 2026
• CVE-2026-28374IDOR in Annotations API allows unprivileged users to DELETE annotation4.3May 13, 2026
• CVE-2026-33378Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro6.5May 13, 2026
• CVE-2026-28383Grafana plugin resources can lead to unbounded memory allocation6.5May 13, 2026
• CVE-2026-33376Auth Proxy IPv6 whitelist bypass7.4May 13, 2026
• CVE-2026-33380SQL Expressions Read File From Disk6.3May 13, 2026
• CVE-2026-28380BAC in Snapshot API allows deletion of unauthorized dashboard snapshots6.5May 13, 2026
• CVE-2026-33381Users can generate Service Account tokens after permissions removal5.9May 13, 2026
• CVE-2026-33377Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin7.1May 13, 2026
• CVE-2026-28376Grafana Live push endpoint allows unbounded memory allocation leading to OOM6.5May 13, 2026