CVE Catalog

CVE-2026-42129

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

32th percentile - higher than 32% of all known CVEs

Summary

A vulnerability in the Loki data source plugin allows a user with Viewer permissions to exploit a path traversal to reach administrative Loki endpoints. This enables reading sensitive backend configuration and internal service information.

Risk Assessment

The organization risks exposure of confidential configuration data and internal service details, which could facilitate further attacks on systems monitored by Loki.

Recommendation

Immediately update the Loki data source plugin to the latest patched version. Until the update is applied, restrict access to the Grafana dashboard to trusted users only.

Original NVD description (English source)

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS