Grafana Multiple Vulnerabilities - Cross-Site Scripting and Information Disclosure

72% confidence

Description

Multiple vulnerabilities in Grafana allow a remote anonymous attacker to perform Cross-Site Scripting (XSS) attacks or disclose sensitive information. [Auto-archived: reprocess_orphan — 2026-03-27T08:11:49.363Z]

Affected Products

Vendor	Product	Versions
grafana	grafana	—

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79, CWE-200

Published3/26/2026

Last enriched2h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: archived

Confidence: 7200%

Version History

Last enriched 2h ago

v2Tier B2h ago

Updated severity to HIGH, marked exploit as available, and added new tags for denial-of-service and privilege escalation.

severityexploitAvailableactivelyExploitedtags

via BSI Advisories

v12h ago

Initial creation