Grafana Multiple Vulnerabilities - Cross-Site Scripting and Information Disclosure

72% confidence

Description

Multiple vulnerabilities in Grafana allow a remote authenticated attacker to manipulate files or cause a Denial-of-Service condition.

Vendor	Product	Versions
grafana	grafana	—

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79, CWE-200

Published3/26/2026

Last enriched52m agov3

0 upvotes0 downvotes

No votes yet

State: archived

Confidence: 7200%

Last enriched 52m ago

v3Tier B52m ago

Updated description to include file manipulation and Denial-of-Service capabilities, and changed severity from HIGH to MEDIUM.

descriptionseverity

via BSI Advisories

v2Tier B4h ago

Updated severity to HIGH, marked exploit as available, and added new tags for denial-of-service and privilege escalation.

severityexploitAvailableactivelyExploitedtags

via BSI Advisories

v14h ago

Initial creation