Back to CVE List

CVE-2026-33382

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Description

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-400
Source
NVD
Vendor
Grafana
Product
Grafana OSS

External References

Discussion (0)

Add Comment

No comments yet. Be the first!