Zero Day Monitor
9.1
CVE-2026-27876
grafana · grafana enterpri

RCE on Grafana via sqlExpressions

Description

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to remote arbitrary code execution (RCE). The chain is enabled by a feature in Grafana (OSS), so all users are recommended to update to avoid future attack vectors along this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Affected Products

Vendor: grafana
Product: grafana enterpri
Versions: v11.6.0, v12.0.0, v12.2.0, v12.3.0, v12.4.0

References

  • https://grafana.com/security/security-advisories/cve-2026-27876 (vendor-advisory)

Related News (3 articles)

Tier C · VulDB · 6h ago
CVE-2026-27876 | Grafana Enterprise up to 11.6.13/12.1.9/12.2.7/12.3.5/12.4.1 Expressions Feature privilege escalation
→ No new info (linked only)

Tier B · CCCS Canada · 1d ago
Grafana security advisory (AV26-285)
→ No new info (linked only)

Tier B · CERT-FR · 1d ago
Multiple vulnerabilities in Grafana (26 March 2026)
→ No new info (linked only)

CVSS 3.1: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA KEV: No
Actively exploited: No
Published: 3/27/2026
Last enriched: 5h ago (v2)
Trending Score: 57
Source articles: 3
Independent: 3
Info Completeness: 7/14
Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Verification

State: verified
Confidence: 0%

Version History

v2 · Tier C · 5h ago (via VulDB, field: affectedVersions)

Updated affected versions to include v11.6.13/12.1.9/12.2.7/12.3.5/12.4.1 and changed severity to HIGH.

v1 · 5h ago

Initial creation