Grafana Archives • Daily CyberSecurity

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring into a Remote Hijack CVE-2022-29170 Grafana RCE SQL Expressions Flaw

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring into a Remote Hijack

Do Son March 29, 2026

The Grafana team has released an urgent security advisory following the discovery of two significant vulnerabilities that...

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation

Do Son November 20, 2025

Grafana has released emergency security updates for Grafana Enterprise addressing a critical privilege-escalation flaw in its SCIM...

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798) Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Do Son October 3, 2025

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path...

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release

Do Son July 18, 2025

Grafana Labs has released important security patches for multiple versions of its observability platform, addressing two significant...

Four Critical RCE Flaws Found in Grafana Plugins via Chromium: Patch Now! Grafana Vulnerabilities, Remote Code Execution

Four Critical RCE Flaws Found in Grafana Plugins via Chromium: Patch Now!

Do Son July 3, 2025

Grafana Labs has issued an urgent security advisory addressing four critical vulnerabilities affecting two of its key...

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys Grafana Vulnerability, DingDing CVE-2023-3128

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

Do Son June 14, 2025

Grafana Labs has released a round of security patches to address CVE-2025-3415, a medium-severity vulnerability (CVSS 4.3)...

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw

Do Son May 22, 2025

Grafana Labs issued an unscheduled security release—Grafana 12.0.0+security-01—alongside patches for all supported versions, addressing a high-severity cross-site...

Grafana Patches CVE-2025-3260 and More in Critical Security Update Grafana Vulnerability Dashboard Permission Bypass

Grafana Patches CVE-2025-3260 and More in Critical Security Update

Do Son April 24, 2025

Grafana Labs has issued security updates for multiple product versions, addressing one high and two medium-severity vulnerabilities...

Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw CVE-2024-9264 exploit

Grafana Vulnerability CVE-2024-9264: PoC Exploit Released for 9.9-Rated Critical Flaw

Do Son October 28, 2024

The researcher published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-9264 – a critical vulnerability...

Patch Now! Grafana Hit by 9.9 Severity RCE Vulnerability (CVE-2024-9264)

Do Son October 18, 2024

A critical security vulnerability (CVE-2024-9264) has been discovered in Grafana, the popular open-source platform for monitoring and...

CVE-2024-8986 (CVSS 9.1): Critical Grafana Plugin SDK Flaw Exposes Sensitive Information CVE-2024-8986 - grafana plugin SDK

CVE-2024-8986 (CVSS 9.1): Critical Grafana Plugin SDK Flaw Exposes Sensitive Information

Do Son September 22, 2024

In a concerning development for Grafana users, a critical security vulnerability has been discovered in the Grafana...

CVE-2024-1313: BOLA Flaw in Grafana Threatens Dashboard Integrity – Patch Immediately

Do Son March 27, 2024

Organizations relying on Grafana for essential data visualizations must prioritize immediate patching following the discovery of a...

CVE-2023-3128: Grafana Account Takeover Vulnerability Grafana Vulnerability, DingDing CVE-2023-3128

CVE-2023-3128: Grafana Account Takeover Vulnerability

Do Son June 22, 2023

A recent security vulnerability was discovered in Grafana, one of the leading open-source platforms for analytics and...

CVE-2022-31097: 0-day vulnerability in open-source analytics Grafana

Do Son November 29, 2022

Open and composable observability and data visualization platform Grafana received an emergency update today to fix a...

CVE-2022-31107: Grafana OAuth Account Takeover Vulnerability

Do Son July 16, 2022

Open-source analytics and interactive visualization solution Grafana received a critical update recently to fix two high-severity security...

CVE-2022-29170: Grafana server-side request forgery vulnerability CVE-2022-29170 Grafana RCE SQL Expressions Flaw

CVE-2022-29170: Grafana server-side request forgery vulnerability

Do Son May 21, 2022

On May 19, 2022, Grafana officially issued a risk notice for Grafana Enterprise server-side request forgery vulnerability,...

Critical Alert 2 Active Exploits Detected Today