CVE-2026-27880

High CVSS: 7.5

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Vendor

Product

CWE

Yayın Tarihi

2026-03-27 15:16:51

Güncelleme

2026-03-31 18:56:37

Source Identifier

security@grafana.com

KEV Date Added

CWE-787 Grafana HIGH Grafana 2026

https://grafana.com/security/security-advisories/cve-2026-27880 https://grafana.com/security/security-advisories/cve-2026-27880

Medium

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being u…

Medium

CVE-2026-27879

A resample query can be used to trigger out-of-memory crashes in Grafana.

Medium

CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Critical

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impac…

High

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, p…

Medium

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API rest…