Known Vulnerabilities for products from Grafana
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Grafana".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33375 | | Not Provided | 2026-03-26 | 2026-03-27 |
| CVE-2026-28377 | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potent... | Not Provided | 2026-03-26 | 2026-03-31 |
| CVE-2026-28375 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27880 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27879 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27877 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used i... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27876 | | Not Provided | 2026-03-27 | 2026-04-02 |
| CVE-2026-21727 | Cross-Tenant Legacy Correlation Disclosure and Deletion | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2026-21726 | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double en... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2026-21724 | A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allow... | Not Provided | 2026-03-26 | 2026-04-14 |
| CVE-2026-21721 | The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action.... | Not Provided | 2026-01-27 | 2026-04-20 |
| CVE-2025-41118 | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent ... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2025-12141 | In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifica... | Not Provided | 2026-04-15 | 2026-04-20 |
| CVE-2023-22462 | Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a mem... | 5.4 - MEDIUM | 2023-03-02 | 2024-02-01 |
| CVE-2023-4822 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several... | 7.2 - HIGH | 2023-10-16 | 2023-11-04 |
| CVE-2023-4457 | Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versi... | 7.5 - HIGH | 2023-10-16 | 2023-10-20 |
| CVE-2023-4399 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list... | 7.2 - HIGH | 2023-10-17 | 2023-10-24 |
| CVE-2023-3128 | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and ca... | 9.8 - CRITICAL | 2023-06-22 | 2023-07-21 |
| CVE-2023-3010 | Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 conta... | 6.1 - MEDIUM | 2023-10-25 | 2023-10-31 |
| CVE-2023-2801 | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple disti... | 5.3 - MEDIUM | 2023-06-06 | 2023-07-06 |
Known software with vulnerabilities from Grafana
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Grafana | Grafana | - |
| Application | Grafana | Piechart-panel | 0.0.1 |