CVE-2026-42129

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Vulnerability Description

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal service information.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Grafana
Product
Grafana OSS

External References
