Grafana
This hub aggregates every CVE we track for Grafana, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 117
- Critical: 11
- High: 29
- In CISA KEV: 2
Severity distribution
MEDIUM 73, HIGH 29, CRITICAL 11, LOW 4
Monthly trend (2024-08 to 2026-07)
1, 1, 2, 1, 0, 1, 1, 0, 1, 2, 3, 3, 0, 0, 0, 1, 0, 2, 3, 7, 4, 10, 3, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Grafana.
- CVE-2026-42127: Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler (7.5)
- CVE-2026-9029: Stored XSS via Geomap Panel Template Variable Attribution Injection (7.3)
- CVE-2026-10601: Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access (5.4)
- CVE-2026-28374: IDOR in Annotations API allows unprivileged users to DELETE annotation (4.3)
- CVE-2026-33378: Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro (6.5)
- CVE-2026-28383: Grafana plugin resources can lead to unbounded memory allocation (6.5)
- CVE-2026-33376: Auth Proxy IPv6 whitelist bypass (7.4)
- CVE-2026-33380: SQL Expressions Read File From Disk (6.3)
- CVE-2026-28380: BAC in Snapshot API allows deletion of unauthorized dashboard snapshots (6.5)
- CVE-2026-33381: Users can generate Service Account tokens after permissions removal (5.9)
- CVE-2026-33377: Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin (7.1)
- CVE-2026-28376: Grafana Live push endpoint allows unbounded memory allocation leading to OOM (6.5)
- CVE-2026-28379: Viewer-triggered race condition in Grafana Live leads to complete server crash (6.5)
- CVE-2026-21727: Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record (3.3)
- CVE-2025-12141: Grafana Alerting Editors can edit destination of webhooks they did not create (6.5)
Product normalization is registry-driven with AI assist and human review.