CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2026-21727 – Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record
https://notcve.org/view.php?id=CVE-2026-21727
15 Apr 2026 — --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvss_score: "3.3" cvss_vector: "CVSS:3.3/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" fixed_versions: - ">=11.6.11 >=12.0.9 >=12.1.6 >=12.2.4" --- A cross-tenant isolation vulnerability was found in Grafana’s Correlations feature affecting legacy correlati... • https://grafana.com/security/security-advisories/cve-2026-21727 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12141 – Grafana Alerting Editors can edit destination of webhooks they did not create
https://notcve.org/view.php?id=CVE-2025-12141
15 Apr 2026 — In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit contact points created by other users, modify the endpoint URL to a controlled server. By invoking the test functionality, attackers can capture and extract redacted secure settings, such as authentication credentials f... • https://grafana.com/security/security-advisories/cve-2025-12141 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-27879 – Query resampling can cause unbounded memory allocations
https://notcve.org/view.php?id=CVE-2026-27879
27 Mar 2026 — A resample query can be used to trigger out-of-memory crashes in Grafana. • https://grafana.com/security/security-advisories/cve-2026-27879 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-28375 – Grafana Testdata datasource can issue unbounded memory allocations
https://notcve.org/view.php?id=CVE-2026-28375
27 Mar 2026 — A testdata data-source can be used to trigger out-of-memory crashes in Grafana. • https://grafana.com/security/security-advisories/cve-2026-28375 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-27876 – RCE on Grafana via sqlExpressions
https://notcve.org/view.php?id=CVE-2026-27876
27 Mar 2026 — A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable. Only instances in the following version ranges are affected: - 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected. - 12... • https://grafana.com/security/security-advisories/cve-2026-27876 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-27880 – OpenFeature evaluation API reads input data with no bounds
https://notcve.org/view.php?id=CVE-2026-27880
27 Mar 2026 — The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. • https://grafana.com/security/security-advisories/cve-2026-27880 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-27877 – Public dashboards discloses all direct mode datasources
https://notcve.org/view.php?id=CVE-2026-27877
27 Mar 2026 — When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security. • https://grafana.com/security/security-advisories/cve-2026-27877 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-33375 – Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
https://notcve.org/view.php?id=CVE-2026-33375
26 Mar 2026 — The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container. El plugin de fuente de datos de Grafana MSSQL contiene un fallo lógico que permite a un usuario con pocos privilegios (Visor) eludir las restricciones de la API y desencadenar un agotamiento catastrófico de la memoria por Out-Of-Memory (OOM), lo que provoca la caída del contenedor anfitr... • https://grafana.com/security/security-advisories/cve-2026-33375 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34111 – Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin
https://notcve.org/view.php?id=CVE-2023-34111
06 Jun 2023 — The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the wor... • https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •