CVE-2026-28381

Summary

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

Affected Software

VendorProductVersion RangeStatus
GrafanaSnowflake Datasource1.14.7 <= 1.14.12affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References