CVE-2026-8609
Received Received - Intake

Memory Exhaustion via Repeated OAuth Login in Grafana

Vulnerability report for CVE-2026-8609, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: Grafana Labs

Description

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
grafana grafana to 12.2.9 (exc)
grafana grafana to 12.3.7 (exc)
grafana grafana to 12.4.4 (exc)
grafana grafana to 13.0.2 (exc)
grafana grafana 13.0.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability causes a denial of service by exhausting memory and crashing the Grafana instance, impacting availability but not confidentiality or integrity.

Since the vulnerability does not affect data confidentiality or integrity, it does not directly lead to data breaches or unauthorized data access.

However, the availability impact could affect compliance with standards like GDPR or HIPAA if the Grafana service is critical for processing or accessing regulated data, as these regulations require ensuring system availability and reliability.

Organizations should consider the risk of service disruption and apply the recommended upgrades to mitigate this vulnerability to maintain compliance.

Detection Guidance

This vulnerability can be detected by monitoring for repeated requests to Grafana's OAuth login endpoint with unique values, which cause unbounded memory growth. Network or system monitoring tools can be used to identify unusual spikes in memory usage or repeated OAuth login attempts from unauthenticated sources.

Specific commands are not provided in the available resources, but general approaches include using network traffic analysis tools like tcpdump or Wireshark to capture and analyze requests to the OAuth login route, and system commands such as 'top' or 'htop' to monitor memory usage on the Grafana server.

Executive Summary

CVE-2026-8609 is a vulnerability in Grafana's OAuth login route that allows an unauthenticated attacker to repeatedly send requests with unique values. This causes unbounded memory growth in the Grafana instance.

The excessive memory consumption can eventually exhaust the system's memory, leading to a crash of the Grafana service, resulting in a denial of service.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition. An attacker can cause the Grafana instance to crash by exhausting its memory resources.

This means that the availability of the Grafana service is compromised, potentially disrupting monitoring and visualization capabilities that rely on Grafana.

There is no impact on confidentiality or integrity according to the CVSS assessment.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Grafana to one of the fixed versions: 11.6.15, 12.2.9, 12.3.7, 12.4.4, or 13.0.2.

Upgrading to these versions will prevent the unbounded memory growth caused by repeated unauthenticated calls to the OAuth login route, thereby protecting the system from denial of service crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8609. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart