Grafana Grafana-Image-Renderer vulnerabilities
2 known vulnerabilities affecting grafana/grafana-image-renderer.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-11539 | P2 | CRITICAL | CVSS 9.9 | CWE-94 | ≥ 1.0.0, ≤ 4.0.16 | 2025-10-09
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. The /render/csv endpoint did not validate the filePath parameter, which allowed an attacker to save a shared object to an arbitrary location, from which it is then loaded by the Chromium process.
Instances are vulnerable
Source: NVD
CVE-2022-31176 | P3 | HIGH | CVSS 8.1 | CWE-200 | fixed in 3.6.1 | fixed in 3.6.0 | 2022-09-02
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasour
Source: NVD