{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27880", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2026-02-24T14:30:17.727Z", "datePublished": "2026-03-27T14:12:20.075Z", "dateUpdated": "2026-03-27T14:43:46.925Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2026-03-27T14:28:54.183Z"}, "datePublic": "2026-03-27T14:08:45.874Z", "title": "OpenFeature evaluation API reads input data with no bounds", "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "affected": [{"vendor": "Grafana", "product": "Grafana", "platforms": ["Cloud", "OnPrem"], "defaultStatus": "unaffected", "versions": [{"version": "v12.1.0", "status": "affected", "versionType": "semver", "lessThan": "v12.1.10"}, {"version": "v12.2.0", "status": "affected", "versionType": "semver", "lessThan": "v12.2.8"}, {"version": "v12.3.0", "status": "affected", "versionType": "semver", "lessThan": "v12.3.6"}, {"version": "v12.4.0", "status": "affected", "versionType": "semver", "lessThan": "v12.4.2"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "INTERNAL_FINDING"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["broken-link"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:43:21.670196Z", "id": "CVE-2026-27880", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:43:46.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27880", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:43:21.670196Z"}}}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["broken-link"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:40:50.982Z"}}], "cna": {"title": "OpenFeature evaluation API reads input data with no bounds", "source": {"discovery": "INTERNAL_FINDING"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "Grafana", "product": "Grafana", "versions": [{"status": "affected", "version": "v12.1.0", "lessThan": "v12.1.10", "versionType": "semver"}, {"status": "affected", "version": "v12.2.0", "lessThan": "v12.2.8", "versionType": "semver"}, {"status": "affected", "version": "v12.3.0", "lessThan": "v12.3.6", "versionType": "semver"}, {"status": "affected", "version": "v12.4.0", "lessThan": "v12.4.2", "versionType": "semver"}], "platforms": ["Cloud", "OnPrem"], "defaultStatus": "unaffected"}], "datePublic": "2026-03-27T14:08:45.874Z", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2026-03-27T14:28:54.183Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27880", "state": "PUBLISHED", "dateUpdated": "2026-03-27T14:43:46.925Z", "dateReserved": "2026-02-24T14:30:17.727Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2026-03-27T14:12:20.075Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "id": "CVE-2026-27880", "lastModified": "2026-03-30T13:26:29.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2026-03-27T15:16:51.323", "references": [{"source": "security@grafana.com", "url": "https://grafana.com/security/security-advisories/cve-2026-27880"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://grafana.com/security/security-advisories/cve-2026-27880"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation", "id": "2452295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452295"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service (DoS) for the affected service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-27880", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-27T14:12:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27880\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27880\nhttps://grafana.com/security/security-advisories/cve-2026-27880"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": ["cloud", "onprem"], "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.10)"}}, {"platform": ["cloud", "onprem"], "status": "affected", "versions": {"scheme": "semver", "value": "[12.2.0,12.2.8)"}}, {"platform": ["cloud", "onprem"], "status": "affected", "versions": {"scheme": "semver", "value": "[12.3.0,12.3.6)"}}, {"platform": ["cloud", "onprem"], "status": "affected", "versions": {"scheme": "semver", "value": "[12.4.0,12.4.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Grafana", "source": "cna", "vendor": "Grafana"}, "product": "grafana", "vendor": "grafana"}], "analysis": {"en": {"generated_at": "2026-03-27T15:54:56.984910+00:00", "value": {"mitigation_remediation": ["Apply the latest Grafana patch that implements bounds checking on the OpenFeature evaluation endpoint.", "Verify that the deployed Grafana version contains the fix.", "If a patch is not immediately available, block or rate\u2011limit large payloads to the API through a reverse proxy or firewall to mitigate denial\u2011of\u2011service risk.", "Regularly monitor Grafana logs for memory exhaustion events and keep documentation of applied patches."], "summary": {"action": "Patch", "impact": "Denial of Service via Out\u2011of\u2011Memory"}, "threat_synthesis": {"affected_systems": "Grafana\u2019s OpenFeature feature toggle evaluation API is affected. The CNA lists only the vendor and product; no specific version range is provided. Administrators should review the installed Grafana versions for susceptibility, especially those including the OpenFeature endpoint, and ensure they are updated to a version that limits input size or otherwise fixes the memory handling.", "description_and_impact": "The vulnerability exists in the OpenFeature feature toggle evaluation endpoint of Grafana. When the endpoint receives data, it reads input values without imposing limits, allocating memory proportional to the received size. An attacker can send an excessively large payload, causing the process to consume excessive memory and crash due to out\u2011of\u2011memory. The primary impact is a denial\u2011of\u2011service that can disrupt the availability of a Grafana instance, owing to the weakness in input validation and resource exhaustion.", "risk_and_exploitability": "The CVSS base score of 7.5 indicates moderate to high severity. The exploitability score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no publicly available exploits yet. Nonetheless, the attack vector can be remote via the HTTP API, requiring network access to the Grafana server. Because the flaw leads to an out\u2011of\u2011memory condition rather than code execution, the risk is primarily availability rather than confidentiality or integrity."}}}}, "created": "2026-03-27T20:28:41.076901+00:00", "updated": "2026-03-30T07:01:52.882143+00:00", "vendors": ["grafana", "grafana$PRODUCT$grafana"], "weaknesses": ["CWE-20", "CWE-770"]}