Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
11.6.0 (semver)
affected
12.2.0 (semver)
affected
12.3.0 (semver)
affected
12.4.0 (semver)
affected
13.0.0 (semver)
affected
Description
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.
Problem types
Product status
11.6.0 (semver)
12.2.0 (semver)
12.3.0 (semver)
12.4.0 (semver)
13.0.0 (semver)
References
grafana.com/security/security-advisories/cve-2026-33382