CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

PT-2026-40792

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Out-of-Memory OOM condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...