{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-27880","assignerOrgId":"57da9224-a3e2-4646-9d0e-c4dc2e05e7da","state":"PUBLISHED","assignerShortName":"GRAFANA","dateReserved":"2026-02-24T14:30:17.727Z","datePublished":"2026-03-27T14:12:20.075Z","dateUpdated":"2026-07-07T21:08:25.340Z"},"containers":{"cna":{"providerMetadata":{"orgId":"57da9224-a3e2-4646-9d0e-c4dc2e05e7da","shortName":"GRAFANA","dateUpdated":"2026-07-07T21:08:25.340Z"},"datePublic":"2026-03-27T14:08:45.874Z","title":"OpenFeature evaluation API reads input data with no bounds","descriptions":[{"lang":"en","value":"The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}],"affected":[{"vendor":"Grafana","product":"Grafana","defaultStatus":"unaffected","versions":[{"version":"v12.1.0","status":"affected","versionType":"semver","lessThan":"v12.1.10"},{"version":"v12.2.0","status":"affected","versionType":"semver","lessThan":"v12.2.8"},{"version":"v12.3.0","status":"affected","versionType":"semver","lessThan":"v12.3.6"},{"version":"v12.4.0","status":"affected","versionType":"semver","lessThan":"v12.4.2"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27880","tags":["vendor-advisory"]}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"source":{"discovery":"INTERNAL_FINDING"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-125","lang":"en","description":"CWE-125 Out-of-bounds Read"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27880","tags":["broken-link"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-27T14:43:21.670196Z","id":"CVE-2026-27880","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-10T13:56:28.749Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"datePublic":"2026-03-27T14:12:20.075Z","descriptions":[{"lang":"en","value":"A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service (DoS) for the affected service."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-27880"},{"name":"RHBZ#2452295","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452295"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27880.json"}],"timeline":[{"lang":"en","time":"2026-03-27T15:03:43.019Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-27T14:12:20.075Z","value":"Made public."}],"title":"Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:08:03.581Z"}}]}}