CVE-2026-33375
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.
Risk Assessment
The organization may experience significant disruptions due to container crashes, impacting service availability.
Recommendation
It is recommended to update the plugin to the latest version to fix the logic flaw and restrict low-privileged users' access to critical API functions.
Original NVD description (English source)
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

