CVE Catalog

CVE-2026-28383

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile - higher than 24% of all known CVEs

Summary

A vulnerability in the Grafana plugin allows unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.

Risk Assessment

The organization may experience service outages due to memory exhaustion, impacting application availability. Potential attacks could lead to system downtime.

Recommendation

It is recommended to limit the size of requests to the plugin and monitor memory usage to prevent DoS attacks. Consider updating plugins to the latest versions that may include fixes.

Original NVD description (English source)

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS