PT-2026-28372 · Grafana · Grafana

Published: 2026-03-27 · Updated: 2026-04-01 · CVE-2026-27880

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Grafana versions (affected versions not specified)

Description: The OpenFeature feature toggle evaluation endpoint reads input data into memory without any bounds checking, so unbounded values can lead to out-of-memory crashes. The vulnerable component is the evaluation API.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
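
The weakness class in the description, shown as an added Go example that is not Grafana's code: one handler buffers the whole request body, the other caps it with `http.MaxBytesReader` and answers oversized requests with 413. The handler names, the `/evaluate` path, the payload shape and the 64 KiB cap are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxEvalBody is an assumed cap (64 KiB); size it to real evaluation contexts.
const maxEvalBody = 64 << 10

// unboundedEval is the flawed pattern: the client decides how much memory is used.
func unboundedEval(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body) // buffers the whole body, whatever its size
	var ctx map[string]any
	if json.Unmarshal(body, &ctx) != nil {
		http.Error(w, "invalid JSON", http.StatusBadRequest)
	}
}

// boundedEval caps the body before decoding and rejects oversized requests with 413.
func boundedEval(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxEvalBody)
	var ctx map[string]any
	err := json.NewDecoder(r.Body).Decode(&ctx)
	var tooBig *http.MaxBytesError
	switch {
	case errors.As(err, &tooBig):
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "invalid JSON", http.StatusBadRequest)
	}
}

// statusFor posts a constructed JSON body with a padLen-byte string value to h
// (hypothetical path) and returns the response status code.
func statusFor(h http.HandlerFunc, padLen int) int {
	body := `{"context":{"k":"` + strings.Repeat("A", padLen) + `"}}`
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/evaluate", strings.NewReader(body)))
	return rec.Code
}

func main() {
	fmt.Println(statusFor(unboundedEval, 1<<20), statusFor(boundedEval, 1<<20), statusFor(boundedEval, 16))
}
```

Where the application cannot be changed, a request body size limit at the reverse proxy in front of it gives the same bound.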

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

BIT-GRAFANA-2026-27880
CVE-2026-27880

Affected Products

Grafana