CVE-2026-27880
Received
Received - Intake
Unbounded Memory Read in OpenFeature Causes Out-of-Memory Crash
Publication date: 2026-03-27
Last updated on: 2026-03-31
Assigner: Grafana Labs
Description
Description
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grafana | grafana | From 12.1.10 (inc) to 12.2.0 (exc) |
| grafana | grafana | From 12.2.8 (inc) to 12.3.0 (exc) |
| grafana | grafana | From 12.3.6 (inc) to 12.4.0 (exc) |
| grafana | grafana | to 12.1.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the OpenFeature feature toggle evaluation endpoint, which reads unbounded values into memory. Because it does not limit the size of the input, it can cause the system to consume excessive memory, potentially leading to out-of-memory crashes.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that it can cause out-of-memory crashes in the affected system. This means that the system could become unstable or unavailable, leading to potential downtime or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70