CVE-2026-27877

Medium CVSS: 6.5

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Vendor

Grafana

Product

Grafana

CWE

NVD-CWE-noinfo

Yayın Tarihi

2026-03-27 15:16:51

Güncelleme

2026-03-31 18:58:29

Source Identifier

security@grafana.com

KEV Date Added

Kategoriler

NVD-CWE-noinfo Grafana MEDIUM Grafana 2026

Referanslar

https://grafana.com/security/security-advisories/cve-2026-27877 https://grafana.com/security/security-advisories/cve-2026-27877

Benzer Kayıtlar

Medium

CVE-2026-27879

A resample query can be used to trigger out-of-memory crashes in Grafana.

High

CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory cra…

Medium

CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Critical

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impac…

High

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, p…

Medium

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API rest…