CVE-2026-33380

MEDIUM(6.3)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Risk Signal Score16/100 — NIEDRIG

CVSS 6.3 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.3

Technische Schwere

Beschreibung

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Referenzen

https://grafana.com/security/security-advisories/cve-2026-33380