CVE-2026-28376
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.
Risk Assessment
The risk to the organization involves the potential for out-of-memory conditions, which could lead to system crashes or degraded application performance. An attacker with access to the API could exploit this vulnerability to destabilize services.
Recommendation
It is recommended to limit the size of requests accepted by the Grafana Live API and to monitor memory usage to prevent potential attacks. Consider implementing limits for authenticated users as well.
Original NVD description (English source)
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.

