CVE-2026-28381

critical Grafana
CVSS v3 Base Score
9.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.2%
Exploitation probability in 30 days
Top 89% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
None
Published: June 22, 2026 (17 days ago)
Last Modified: June 30, 2026
Vendor: Grafana
Source: NVD

Description

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

CWE

CWE-284

Affected Products

grafana snowflake

References