Known Vulnerabilities for products from Grafana
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Grafana".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33375 | The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restricti... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2026-28377 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potent... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2026-28375 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27880 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | Not Provided | 2026-03-27 | 2026-05-10 |
| CVE-2026-27879 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27877 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used i... | Not Provided | 2026-03-27 | 2026-05-10 |
| CVE-2026-27876 | | Not Provided | 2026-03-27 | 2026-04-02 |
| CVE-2026-21727 | Cross-Tenant Legacy Correlation Disclosure and Deletion | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2026-21726 | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double en... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2026-21725 | A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted withou... | Not Provided | 2026-02-25 | 2026-05-10 |
| CVE-2026-21724 | | Not Provided | 2026-03-26 | 2026-04-09 |
| CVE-2026-21721 | The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action.... | Not Provided | 2026-01-27 | 2026-04-20 |
| CVE-2025-41118 | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent ... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2025-12141 | In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifica... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2025-4123 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. T... | Not Provided | 2025-05-22 | 2026-04-29 |
| CVE-2023-22462 | Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a mem... | 5.4 - MEDIUM | 2023-03-02 | 2024-02-01 |
| CVE-2023-4822 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several... | 7.2 - HIGH | 2023-10-16 | 2023-11-04 |
| CVE-2023-4457 | Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versi... | 7.5 - HIGH | 2023-10-16 | 2023-10-20 |
| CVE-2023-4399 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list... | 7.2 - HIGH | 2023-10-17 | 2023-10-24 |
| CVE-2023-3128 | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and ca... | 9.8 - CRITICAL | 2023-06-22 | 2023-07-21 |
Known software with vulnerabilities from Grafana
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Grafana | Grafana | - |
| Application | Grafana | Piechart-panel | 0.0.1 |