Resource exhaustion in Grafana Oss
CVE-2026-33382
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and…
Vulnerability class: DoS (Denial of Service)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Grafana Oss — versions 11.6.0, 12.2.0, 12.3.0
Weakness classification (CWE)
References
- security@grafana.com (vendor-advisory)
Frequently asked questions
- What is CVE-2026-33382?
- CVE-2026-33382 is a high-severity vulnerability in Grafana Oss, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2026-07-10.
- How severe is CVE-2026-33382?
- High severity. CVSS v3 base score is 7.5 out of 10.