336 matches found
CVE-2026-28383 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2026-28380 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2026-33381 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2026-33380
A flaw was found in Grafana. An authenticated attacker can exploit a vulnerability in SQL Expressions to read arbitrary files from the Grafana server's filesystem. This information disclosure is possible only when the sqlExpressions feature toggle is enabled...
CVE-2026-28374
A flaw was found in Grafana. An authenticated editor user could exploit this vulnerability to delete any annotation, even those for which they lack read permissions. This unauthorized action compromises the integrity of data by allowing deletion of information beyond their intended access scope...
CVE-2026-28379
A flaw was found in Grafana Live, where a race condition allows authenticated users with a Viewer role to trigger a server crash. By sending concurrent requests, these users can cause a fatal map access error, leading to complete service unavailability Denial of Service. This requires a restart o...
FreeBSD : Grafana -- Public dashboards discloses all direct mode datasources (6b2bf8e9-5900-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6b2bf8e9-5900-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards a...
FreeBSD : Grafana -- Grafana Testdata datasource can issue unbounded memory allocations (62717c0f-5901-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 62717c0f-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be...
Exploit for Path Traversal in Grafana
GrafTraverse - CVE-2021-43798 MiNi Exploitation Framework...
CVE-2026-28380
A flaw was found in Grafana. An authenticated user with editor privileges could exploit a Broken Access Control BAC vulnerability in the Snapshot API. This flaw allows an editor to delete any dashboard snapshot, even those they do not have explicit read or write access to, leading to unauthorized...
ROS-20260524-73-0049
Vulnerability in grafana related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260524-73-0048
Vulnerability in grafana related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CLSA-2026-1779532464 grafana: Fix of CVE-2022-39324
CVE-2022-39324: build snapshot originalUrl on the backend with a UID check and warn through a confirm modal before navigating to a cross-origin snapshot URL...
RHSA-2026:19352 Red Hat Security Advisory: grafana security update
Bulletin has no description...
RHSA-2026:19185 Red Hat Security Advisory: grafana security update
Bulletin has no description...
RHSA-2026:19134 Red Hat Security Advisory: grafana security update
Bulletin has no description...
RHSA-2026:19027 Red Hat Security Advisory: grafana security update
Bulletin has no description...
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CLSA-2026-1779152708 grafana: Fix of CVE-2026-32283
CVE-2026-32283: rebuild against golang = 1.25.7-1.el96.tuxcare.els5 to fix crypto/tls DoS where multiple post-handshake KeyUpdate messages in a single TLS 1.3 record deadlock the connection setReadTrafficSecret reacquired the conn mutex via sendAlert...