CVE-2026-28375

Received Received - Intake

Out-of-Memory Crash in Grafana via Testdata Data-Source

Publication date: 2026-03-27

Last updated on: 2026-03-31

Assigner: Grafana Labs

Description

A testdata data-source can be used to trigger out-of-memory crashes in Grafana.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-27

Last Modified

2026-03-31

Generated

2026-06-16

AI Q&A

2026-03-27

EPSS Evaluated

2026-06-15

NVD

CVE-2026-28375

EUVD

EUVD-2026-16638

Affected Vendors & Products

Vendor	Product	Version / Range
grafana	grafana	to 8.1.0 (exc)
grafana	grafana	From 11.6.14 (inc) to 12.0.0 (exc)
grafana	grafana	From 12.1.10 (inc) to 12.2.0 (exc)
grafana	grafana	From 12.2.8 (inc) to 12.3.0 (exc)
grafana	grafana	From 12.3.6 (inc) to 12.4.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-400	The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

Executive Summary

This vulnerability involves a testdata data-source in Grafana that can be exploited to trigger out-of-memory crashes.

Impact Analysis

The vulnerability can cause Grafana to crash due to out-of-memory conditions, potentially leading to denial of service.

Hi! I’m here to help you understand CVE-2026-28375. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-28375

Out-of-Memory Crash in Grafana via Testdata Data-Source

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart