CVE-2026-33375

Summary

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafana OSS11.6.0 < 11.6.14+security-01affected
GrafanaGrafana OSS12.1.0 < 12.1.10+security-01affected
GrafanaGrafana OSS12.2.0 < 12.2.8+security-01affected
GrafanaGrafana OSS12.3.0 < 12.3.6+security-01affected
GrafanaGrafana OSS12.4.0 < 12.4.2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References