These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-42127 is a high-severity vulnerability in Grafana's public dashboard query endpoint. The endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vul [truncated]
CVE-2026-28381 is a critical vulnerability with a CVSS score of 9.6, affecting the Snowflake data source in Grafana. The vulnerability allows any user with access to run queries against the data source to read and write files between the local Grafana server and the connected Snowflake host. This issue poses a significant risk as it could enable unauthorized data access or modification. Organizations usin [truncated]
A critical security vulnerability has been discovered in the Grafana Operator, affecting all versions up to and including 5.23. This vulnerability, tracked as CVE-2026-11769, allows a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.
CVE-2026-33381 is a vulnerability in Grafana that allows users to mint tokens for a service account for a short period after their access has been revoked. The vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. Grafana has released an advisory for this vulnerability.
CVE-2026-33380 is a medium-severity vulnerability in Grafana's SQL Expressions feature. An authenticated attacker can exploit this vulnerability to read arbitrary files from the Grafana server's filesystem. This vulnerability is only exploitable if the sqlExpressions feature toggle is enabled.
CVE-2026-28376 is a medium-severity (CVSS 6.5) denial-of-service vulnerability in Grafana affecting multiple versions. The Grafana Live push endpoint fails to properly limit request body sizes, allowing authenticated attackers to trigger unbounded memory allocation through large or streaming requests, potentially causing out-of-memory conditions. The vulnerability requires low attack complexity and low pr [truncated]
CVE-2026-28375 is a medium-severity vulnerability in Grafana's testdata data-source that can trigger out-of-memory crashes. The vulnerability was published on March 27, 2026, and last modified on June 17, 2026. It has a CVSS score of 6.5 and is classified as CWE-400. The vulnerability affects multiple versions of Grafana, including those prior to 8.1.0, 11.6.14, 12.0.0, 12.1.10, 12.2.8, and 12.3.6. Users [truncated]
CVE-2026-27880 is a high-severity denial-of-service issue described by NVD as an unbounded-memory read in the OpenFeature feature toggle evaluation endpoint that can lead to out-of-memory crashes. The record is network-exploitable, requires no privileges or user interaction, and is rated 7.5 (HIGH).
CVE-2026-27879 is a medium-severity vulnerability affecting Grafana, a popular open-source analytics and visualization platform. The vulnerability allows an attacker to trigger an out-of-memory crash by sending a specially crafted resample query. This can be done by an attacker with low privileges, making it a concern for organizations using Grafana. The vulnerability has a CVSS score of 6.5 and is tracke [truncated]
CVE-2026-27877 is a Grafana information-disclosure issue affecting public dashboards that use direct data-sources. According to the CVE description, passwords for direct data-sources can be exposed even when those data-sources are not actually used in the dashboards. Grafana states that proxied data-sources are not exposed and recommends converting direct data-sources to proxied data-sources wherever possible.
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger Out-Of-Memory (OOM) exhaustion, crashing the host container. This vulnerability has a CVSS score of 6.5 and is classified as Medium severity. The flaw affects multiple versions of Grafana, including 11.6.0 to 11.6.14, 12.1.0 to 12.1.10, 12.2.0 t [truncated]
CVE-2026-21725 describes a race-condition/TOCTOU issue in Grafana datasource deletion handling. Under a very narrow set of conditions, an attacker who previously had admin access to a datasource can delete it, wait for someone else to recreate it with the same UID, and then delete the recreated datasource without having admin rights on the new object. The practical risk is limited by several gating condit [truncated]