2 matches found
EUVD-2026-42920
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...
Authorization vulnerability in /apis allows authenticated users to bypass all dashboard permissions
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: Viewers can view all dashboards/folders regardless of permissions Editors...