CVE-2026-28375

Summary

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafana8.1.0 < 11.6.14affected
GrafanaGrafana12.0.0 < 12.1.10affected
GrafanaGrafana12.2.0 < 12.2.8affected
GrafanaGrafana12.3.0 < 12.3.6affected
GrafanaGrafana12.4.0 < 12.4.2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References