Grafana Vulnerabilities Allow File Manipulation and DoS
Summary
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Grafana versions prior to 12.3.6, 12.2.8, 12.1.10, 11.6.14, and 12.4.2. These vulnerabilities allow authenticated remote attackers to manipulate files or cause a denial-of-service condition. Mitigation is available.
What changed
This advisory from CERT-Bund details multiple vulnerabilities found in various versions of Grafana software, including versions prior to 12.3.6, 12.2.8, 12.1.10, 11.6.14, and 12.4.2. The vulnerabilities, with a CVSS Base Score of 6.5, allow a remote, authenticated attacker to manipulate files or induce a denial-of-service (DoS) state on affected systems.
Organizations using Grafana should immediately review their installed versions and apply available mitigations or upgrade to patched versions (Grafana 12.3.6, 12.2.8, 12.1.10, 11.6.14, or 12.4.2 and later) to prevent potential exploitation. Left unaddressed, these vulnerabilities could lead to file manipulation or service disruption by an authenticated attacker.
What to do next
- Review Grafana versions for applicability to the advisory
- Apply available mitigations or upgrade Grafana to patched versions (12.3.6, 12.2.8, 12.1.10, 11.6.14, or 12.4.2 and later)
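An added example (not part of the CERT-Bund advisory or of any Grafana tooling) for the version review step: it classifies Grafana version strings against the fixed releases listed above. The host names in the sample inventory are constructed; treating unlisted older branches as affected and pre-release builds as needing manual review are assumptions.

```python
import re

# Fixed release per minor branch, as listed in the advisory text above.
FIXED = {(12, 4): 2, (12, 3): 6, (12, 2): 8, (12, 1): 10, (11, 6): 14}
NEWEST_FIXED_BRANCH = max(FIXED)  # (12, 4)

# MAJOR.MINOR.PATCH, optional "v" prefix, "-prerelease" and "+build" suffixes.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+\S+)?$")


def classify(version):
    """Return 'patched', 'affected' or 'review' for one Grafana version string."""
    m = _VERSION.match(version.strip())
    if not m or m.group(4):
        # Unparseable strings and pre-release builds need a manual look.
        return "review"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    branch = (major, minor)
    if branch in FIXED:
        # Compare as integers: 12.1.9 is older than 12.1.10.
        return "patched" if patch >= FIXED[branch] else "affected"
    if branch > NEWEST_FIXED_BRANCH:
        return "patched"  # "12.4.2 and later"
    # Assumption: a branch older than 12.4 with no fix listed stays affected.
    return "affected"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> version string."""
    groups = {"patched": [], "affected": [], "review": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "grafana-a.example.internal": "12.3.6",
    "grafana-b.example.internal": "12.1.9",
    "grafana-c.example.internal": "v11.6.14+security-01",
    "grafana-d.example.internal": "12.0.3",
    "grafana-e.example.internal": "12.5.0-pre",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```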
Source document (simplified)
[WID-SEC-2026-0886] Grafana: Multiple vulnerabilities allow file manipulation and DoS
- CVSS Base Score: 6.5 (medium)
- CVSS Temporal Score: 5.7 (medium)
- Remote attack: yes
- Date: 26.03.2026
- Last updated: 27.03.2026
- Mitigation: yes
Affected systems
Operating system
- Other
- UNIX
- Windows
Product description
Grafana is an analytics and visualization software.
Products
26.03.2026
- Grafana Grafana <12.3.6
- Grafana Grafana <12.2.8
- Grafana Grafana <12.1.10
- Grafana Grafana <11.6.14
- Grafana Grafana <12.4.2
Attack
A remote, authenticated attacker can exploit multiple vulnerabilities in Grafana to manipulate files or to cause a denial-of-service condition.