Grafana Oss vulnerabilities
2 known vulnerabilities affecting grafana/grafana_oss.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-21724MEDIUMCVSS 5.4≥ 12.3.1, < 12.3.6≥ 12.2.2, < 12.2.8+2 more2026-03-26
CVE-2026-21724 [MEDIUM] CWE-285 CVE-2026-21724: A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.
cvelistv5nvd
CVE-2026-33375MEDIUMCVSS 6.5≥ 11.6.0, < 11.6.14+security-01≥ 12.1.0, < 12.1.10+security-01+3 more2026-03-26
CVE-2026-33375 [MEDIUM] CWE-400 CVE-2026-33375: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.
cvelistv5nvd