Known Vulnerabilities for Grafana OSS by Grafana
Listed below are 6 of the newest known vulnerabilities associated with "Grafana OSS" by "Grafana".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33375 | The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restricti... | Not Provided | 2026-03-26 | 2026-03-27 |
| CVE-2026-28377 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potent... | Not Provided | 2026-03-26 | 2026-03-27 |
| CVE-2026-28375 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27879 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27876 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RC... | Not Provided | 2026-03-27 | 2026-03-28 |
| CVE-2026-21724 | A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allow... | Not Provided | 2026-03-26 | 2026-03-27 |