← Back

CVE-2026-8609

nvd nist
Published: Jul 10, 2026Modified: Jul 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).

Affected (5)

Products: Grafana: Grafana
1 product
Grafana
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Grafana
From 11.6.0 to 11.6.15
From 12.2.0 to 12.2.9
From 12.3.0 to 12.3.7
From 12.4.0 to 12.4.4
From 13.0.0 to 13.0.2

References (1)

Source: security@grafana.com
Vendor Advisory

Timeline

No history available yet.