CVE-2026-27876

Published Mar 27, 2026

Last updated 3 hours ago

CVSS critical 9.1

Overview

Description: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.
Source: security@grafana.com
NVD status: Analyzed
Products: grafana

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "2B1C33F0-5D24-493C-BD5E-78C4B79DEC58",
            "versionEndExcluding": "11.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "94F2B4A1-DE4B-4718-A4D2-FBAE0711CC94",
            "versionEndExcluding": "12.0.0",
            "versionStartIncluding": "11.6.14",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "B77BDF7D-60F5-4DA0-B530-D8B69B7BA9B7",
            "versionEndExcluding": "12.2.0",
            "versionStartIncluding": "12.1.10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "03B82BEE-3BE4-466C-B50D-900DDD46277A",
            "versionEndExcluding": "12.3.0",
            "versionStartIncluding": "12.2.8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "84C9E335-11FD-45E6-8804-2392B0AE11F7",
            "versionEndExcluding": "12.4.0",
            "versionStartIncluding": "12.3.6",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References