CVE-2026-28383
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
A vulnerability in the Grafana plugin allows unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.
Risk Assessment
The organization may experience service outages due to memory exhaustion, impacting application availability. Potential attacks could lead to system downtime.
Recommendation
It is recommended to limit the size of requests to the plugin and monitor memory usage to prevent DoS attacks. Consider updating plugins to the latest versions that may include fixes.
Original NVD description (English source)
A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.

