grafana labs

Top products

The 15 most recently published vulnerabilities affecting grafana labs.

• CVE-2026-28374IDOR in Annotations API allows unprivileged users to DELETE annotation4.3May 13, 2026
• CVE-2026-33378Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro6.5May 13, 2026
• CVE-2026-28383Grafana plugin resources can lead to unbounded memory allocation6.5May 13, 2026
• CVE-2026-33376Auth Proxy IPv6 whitelist bypass7.4May 13, 2026
• CVE-2026-33380SQL Expressions Read File From Disk6.3May 13, 2026
• CVE-2026-28380BAC in Snapshot API allows deletion of unauthorized dashboard snapshots6.5May 13, 2026
• CVE-2026-33381Users can generate Service Account tokens after permissions removal5.9May 13, 2026
• CVE-2026-33377Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin7.1May 13, 2026
• CVE-2026-28376Grafana Live push endpoint allows unbounded memory allocation leading to OOM6.5May 13, 2026
• CVE-2026-28379Viewer-triggered race condition in Grafana Live leads to complete server crash6.5May 13, 2026
• CVE-2026-21726Loki Path Traversal - CVE-2021-36156 Bypass5.3Apr 15, 2026
• CVE-2025-41118Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection9.1Apr 15, 2026
• CVE-2026-21727Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record3.3Apr 15, 2026
• CVE-2025-12141Grafana Alerting Editors can edit destination of webhooks they did not create6.5Apr 15, 2026
• BDU:2026-04993Уязвимости ИИ-модуля платформы для мониторинга и наблюдения Grafana, позволяющая нарушителю обойти существующие механизмы безопасности и раскрыть защищаемую информацию7.5Apr 13, 2026