3 matches found
CVE-2026-28383
A flaw was found in Grafana. An authenticated user can exploit a vulnerability in the plugin resources endpoint by sending a request that causes unbounded memory allocation. This occurs when the system attempts to read the entire request body into memory. Successful exploitation can lead to an...
Allocation of Resources Without Limits or Throttling
Overview github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the plugin resources endpoint when the system reads the entire request...
CVE-2026-28383
A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...