CVE-2026-33380

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-33380

Affected Products

Grafana Oss

CVE-2026-33380

Related Identifiers

Affected Products

References · 2