PatchSiren cyber security CVE debrief

CVE-2026-27879 Grafana CVE debrief

CVE-2026-27879 is a medium-severity vulnerability in Grafana, a popular open-source analytics and visualization platform. An authenticated attacker with low privileges can send a specially crafted resample query that drives the Grafana process out of memory and crashes it, a denial-of-service condition. The low privilege requirement makes it a practical concern for organizations that expose Grafana to many users. The vulnerability has a CVSS score of 6.5 and is tracked under CWE-787 and CWE-400. Grafana has released an advisory with mitigation steps.

Vendor: Grafana
Product: Unknown
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-27
Original CVE updated: 2026-06-17
Advisory published: 2026-03-27
Advisory updated: 2026-06-17

Who should care

Organizations using Grafana, especially those with self-hosted instances, should be aware of this vulnerability. Grafana administrators and security teams should assess their exposure and take necessary actions to mitigate the risk.

Technical summary

The vulnerability exists in the resample query functionality of Grafana. An attacker with low privileges (PR:L) can send a malicious query that causes the Grafana process to run out of memory and crash; the impact is availability only, with no effect on confidentiality or integrity. The vulnerability is characterized by the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Affected versions include Grafana up to 8.0.0, 11.6.14 to 12.0.0, 12.1.10 to 12.2.0, 12.2.8 to 12.3.0, and 12.3.6 to 12.4.0.

Defensive priority

Medium

Recommended defensive actions

  • Update Grafana to a fixed release as listed in the Grafana advisory.
  • Implement network access controls to limit who can reach the Grafana query endpoints.
  • Monitor Grafana logs for unusual resample query activity and for unexpected process restarts or memory exhaustion.
  • Consider placing a Web Application Firewall (WAF) in front of Grafana to detect and block malformed queries.
  • Restrict query capabilities for low-privilege users, since low privileges are sufficient to trigger the crash.
  • Regularly review and update Grafana configurations to ensure security best practices are followed.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and the CVE.org record. The CVE was published on 2026-03-27 and modified on 2026-06-17. The vulnerability details are sourced from official vulnerability databases and vendor advisories.

Official resources

CVE-2026-27879 was published on 2026-03-27 and modified on 2026-06-17.