PT-2026-40784 · Grafana · Grafana
Published
2026-05-13
·
Updated
2026-07-06
·
CVE-2026-28379
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Grafana (affected versions not specified)
Description
A race condition in Grafana Live enables authenticated users with the Viewer role to cause a server crash. By sending concurrent requests, an attacker can trigger a fatal map access error, leading to complete service unavailability that necessitates a restart of the Grafana server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Grafana