Out-of-Memory Crash Vulnerability in Grafana by Grafana Labs
CVE-2026-27879

6.5MEDIUM

Key Information:

Vendor: Grafana
Status: Grafana
Vendor: CVE Published:; 27 March 2026

What is CVE-2026-27879?

A vulnerability exists in Grafana that allows an attacker to craft a resample query that can lead to out-of-memory crashes, adversely affecting the stability and availability of the service. Upon exploitation, this vulnerability can consume excessive system resources, potentially leading to service outages. It is crucial for users of affected versions of Grafana to apply necessary updates or patches as recommended by the vendor to mitigate this risk.

Affected Version(s)

Grafana Cloud 8.0.0 < 11.6.14

Grafana Cloud 12.0.0 < 12.1.10

Grafana Cloud 12.2.0 < 12.2.8

References

https://grafana.com/security/security-advisories/cve-2026...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Feb 24, 2026

CVE-2026-27879 Data

JSON