CVE-2026-33375
Published 2026-03-26
Priority: P3 · 37 · medium · CVSS 3.1: 6.5
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.43% (34.7th percentile)
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| grafana | grafana | >= 11.6.0 < 11.6.14 | 11.6.14 |
| grafana | grafana | >= 12.1.0 < 12.1.10 | 12.1.10 |
| grafana | grafana | >= 12.2.0 < 12.2.8 | 12.2.8 |
| grafana | grafana | >= 12.3.0 < 12.3.6 | 12.3.6 |
| grafana | grafana | >= 12.4.0 < 12.4.2 | 12.4.2 |
| grafana | grafana_oss | >= 11.6.0 < 11.6.14+security-01 | 11.6.14+security-01 |
| grafana | grafana_oss | >= 12.1.0 < 12.1.10+security-01 | 12.1.10+security-01 |
| grafana | grafana_oss | >= 12.2.0 < 12.2.8+security-01 | 12.2.8+security-01 |
| grafana | grafana_oss | >= 12.3.0 < 12.3.6+security-01 | 12.3.6+security-01 |
| grafana | grafana_oss | >= 12.4.0 < 12.4.2 | 12.4.2 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 6.5 MEDIUM
Red Hat
Grafana MSSQL Data Source Plugin: Grafana MSSQL Data Source Plugin: Denial of Service via Out-Of-Memory exhaustion
vendor_redhat·2026-03-26·CVSS 6.5
CVE-2026-33375 [MEDIUM] CWE-770 Grafana MSSQL Data Source Plugin: Grafana MSSQL Data Source Plugin: Denial of Service via Out-Of-Memory exhaustion
A flaw was found in the Grafana MSSQL Data Source Plugin. A low-privileged user, such as a Viewer, can exploit a logic flaw to bypass API restrictions. This allows them to trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, leading to the crashing of the host container. This vulnerability can result in a Denial of Service (DoS) for the affected system.
Package: grafana (Red Hat Enterprise Linux 10) - Not affected
Package: grafana (Red Hat Ente
GHSA
GHSA-9vq6-r4xh-vm55: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastr
ghsa_unreviewed·2026-03-26
CVE-2026-33375 [MEDIUM] CWE-400 GHSA-9vq6-r4xh-vm55: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastr
No detection rules found.
No public exploits indexed.