PT-2026-28372 · Grafana+1 · Grafana+1

Osidb Bzimport

·

Publicado

2026-03-27

·

Atualizado

2026-06-05

·

CVE-2026-27880

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Grafana versions (affected versions not specified)
Description The OpenFeature feature toggle evaluation endpoint has a flaw where it reads input data without limits, potentially leading to out-of-memory crashes. The issue involves reading unbounded values into memory. The vulnerable component is the evaluation API. The API endpoint involved is the feature toggle evaluation endpoint. The input data is read into memory without any bounds checking.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Out of bounds Read

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

BDU:2026-08993
BIT-GRAFANA-2026-27880
CVE-2026-27880

Produtos afetados

Grafana
Red Os