CVE-2026-27880

Summary

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafanav12.1.0 < v12.1.10affected
GrafanaGrafanav12.2.0 < v12.2.8affected
GrafanaGrafanav12.3.0 < v12.3.6affected
GrafanaGrafanav12.4.0 < v12.4.2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

Additional References

Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation

Additional References

References