Grafana Labs Security
Grafana, Loki, Tempo, Pyroscope security advisories.
10 advisories tracked · showing 10
- May 13, 2026CVE-2026-28379Disclosed before NVD
Viewer-triggered race condition in Grafana Live leads to complete server crash
- May 13, 2026CVE-2026-33381Disclosed before NVD
Users can generate Service Account tokens after permissions removal
- May 13, 2026CVE-2026-33380Disclosed before NVD
SQL Expressions Read File From Disk
- May 13, 2026CVE-2026-28374Disclosed before NVD
IDOR in Annotations API allows unprivileged users to DELETE annotation
- May 13, 2026CVE-2026-28383Disclosed before NVD
Grafana plugin resources can lead to unbounded memory allocation
- May 13, 2026CVE-2026-28376Disclosed before NVD
Grafana Live push endpoint allows unbounded memory allocation leading to OOM
- May 13, 2026CVE-2026-33378Disclosed before NVD
Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
- May 13, 2026CVE-2026-33377Disclosed before NVD
Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
- May 13, 2026CVE-2026-28380Disclosed before NVD
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
- May 13, 2026CVE-2026-33376Disclosed before NVD
Auth Proxy IPv6 whitelist bypass