CVE-2026-33375

Medium CVSS: 6.5

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

Vendor

Grafana

Product

Grafana

CWE

CWE-400

Yayın Tarihi

2026-03-26 21:17:05

Güncelleme

2026-03-31 19:01:30

Source Identifier

security@grafana.com

KEV Date Added

Kategoriler

CWE-400 Grafana MEDIUM Grafana 2026

Referanslar

https://grafana.com/security/security-advisories/cve-2026-33375

Benzer Kayıtlar

Medium

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being u…

Medium

CVE-2026-27879

A resample query can be used to trigger out-of-memory crashes in Grafana.

High

CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory cra…

Medium

CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Critical

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impac…

High

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, p…