Back to articles
Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880
Grafana Labs blog on Grafana Labs

Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880

12 views

Summary

Grafana has released versions 12.4.2, 12.3.6, 12.2.8, 12.1.10, and 11.6.14 to address critical and high-severity security vulnerabilities (CVE-2026-27876 & CVE-2026-27880). CVE-2026-27876 allows potential remote code execution via the SQL expressions feature, while CVE-2026-27880 creates a denial-of-service risk through an unauthenticated endpoint; upgrading to the latest versions is strongly recommended. Workarounds are available, but a full upgrade is the preferred solution for both issues.
Read the Original Article

This article originally appeared on Grafana Labs blog on Grafana Labs.

Read Full Article on Original Site

Popular from Grafana Labs blog on Grafana Labs

1
How to use AI to analyze and visualize CAN data with Grafana Assistant

Dec 12, 2025 37 views

2
How to monitor AI agent applications on Amazon Bedrock AgentCore with Grafana Cloud

Nov 26, 2025 25 views

3
Instrument zero‑code observability for LLMs and agents on Kubernetes
Instrument zero‑code observability for LLMs and agents on Kubernetes

Ishan Jain Mar 21, 2026 22 views

4
Observe your AI agents: End‑to‑end tracing with OpenLIT and Grafana Cloud
Observe your AI agents: End‑to‑end tracing with OpenLIT and Grafana Cloud

Ishan Jain Mar 21, 2026 14 views

5
Observability in Go: Where to start and what matters most
Observability in Go: Where to start and what matters most

Grafana Labs Team Apr 6, 2026 13 views