Out-of-Memory Issue in Grafana by Grafana Labs
CVE-2026-28375

6.5MEDIUM

Key Information:

Vendor

Grafana
Status
Grafana
Vendor
CVE Published:
27 March 2026

What is CVE-2026-28375?

Grafana is susceptible to an out-of-memory vulnerability that can be triggered through a specific testdata data-source. This issue may lead to application crashes, potentially disrupting services and affecting system stability. Ensure you review product security advisories to mitigate risks associated with this vulnerability.

Affected Version(s)

Grafana OnPrem 8.1.0 < 11.6.14

Grafana OnPrem 12.0.0 < 12.1.10

Grafana OnPrem 12.2.0 < 12.2.8

References

https://grafana.com/security/security-advisories/cve-2026...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.