Grafana Labs CVE 脆弱性と CVE 一覧(121)

製品(CPE): — CVE 件数: 121

Grafana Labs 脆弱性概要

Grafana Labs 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は パス処理の欠陥、vendor risk ssrf, and vendor risk sql injection に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact data exposure and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 121 CVE 件数
«« 先頭 « 前へ 1 / 7 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-42127 The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability. [email protected] 7.5 0.43% 2026-06-22 2026-06-30
CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before getTemplateSrv().replace() substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via element.innerHTML. An Editor can set a textbox variable's default value to an XSS payload that executes for every user who opens the dashboard. This is a bypass of the CVE-2023-0507 fix [email protected] 7.3 0.30% 2026-06-22 2026-06-30
CVE-2026-42129 The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal service information. [email protected] 7.7 0.39% 2026-06-22 2026-06-30
CVE-2026-28381 The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host. [email protected] 9.6 0.23% 2026-06-22 2026-06-30
CVE-2026-10601 The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) capture admin-configured datasource credentials (secureJsonData custom headers) by traversing to an attacker-controlled endpoint, (2) invoke state-changing admin endpoints on Tempo (e.g. /flush, /shutdown), and (3) exfiltrate internal service data via Loki's CallResource which returns full HTTP respons [email protected] 5.4 0.26% 2026-06-22 2026-06-30
CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service. [email protected] 6.5 0.24% 2026-06-19 2026-06-29
CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. ### Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod. ### Impact It is possible for a malicious user who can create Dashboard or LibraryPanel resourc [email protected] 6.4 0.36% 2026-06-13 2026-06-30
CVE-2026-33381 When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. [email protected] 5.9 0.24% 2026-05-13 2026-06-17
CVE-2026-33380 A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable. [email protected] 6.3 0.25% 2026-05-13 2026-06-17
CVE-2026-33378 Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server. [email protected] 6.5 0.33% 2026-05-13 2026-06-17
CVE-2026-33377 An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege. [email protected] 7.1 0.23% 2026-05-13 2026-06-17
CVE-2026-33376 When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here. [email protected] 7.4 0.27% 2026-05-13 2026-06-17
CVE-2026-28383 A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service. [email protected] 6.5 0.33% 2026-05-13 2026-06-17
CVE-2026-28380 Any Editor could delete any snapshot, even if they have no access to read or write them. [email protected] 6.5 0.23% 2026-05-13 2026-06-17
CVE-2026-28379 A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server. [email protected] 6.5 0.26% 2026-05-13 2026-06-17
CVE-2026-28376 The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue. [email protected] 6.5 0.33% 2026-05-13 2026-06-17
CVE-2026-28374 Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. [email protected] 4.3 0.20% 2026-05-13 2026-06-17
CVE-2026-21728 Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18). [email protected] 7.5 0.65% 2026-04-24 2026-06-29
CVE-2026-21727 --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvss_score: "3.3" cvss_vector: "CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" fixed_versions: - ">=11.6.11 >=12.0.9 >=12.1.6 >=12.2.4" --- A cross-tenant isolation vulnerability was found in Grafana’s Correlations feature affectin [email protected] 3.3 0.20% 2026-04-15 2026-06-17
CVE-2026-21726 The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace} Thanks to Prasanth Sundararajan for reporting this vulnerability. [email protected] 5.3 0.41% 2026-04-15 2026-06-17
«« 先頭 « 前へ 1 / 7 次へ »
cvelogic Threat Intelligence