CVE Catalog

CVE-2026-28376

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile - higher than 24% of all known CVEs

Summary

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.

Risk Assessment

The risk to the organization involves the potential for out-of-memory conditions, which could lead to system crashes or degraded application performance. An attacker with access to the API could exploit this vulnerability to destabilize services.

Recommendation

It is recommended to limit the size of requests accepted by the Grafana Live API and to monitor memory usage to prevent potential attacks. Consider implementing limits for authenticated users as well.

Original NVD description (English source)

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS