CRITICAL🇵🇱 Wersja polska

CVE-2026-28381

CVSS 9.6v3.1pub. 2026-06-22upd. 2026-06-30

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  • Grafana Snowflake

    APP
    Grafana
    1.14.7 – 1.14.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-39226CRITICAL9.8⚠ KEVten sam vendor

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated ...

CVE-2025-41118CRITICAL9.1PL ✓ten sam vendor

Grafana Pyroscope: ujawnienie klucza sekretnego Tencent COS przez API

CVE-2026-27876CRITICAL9.1PL ✓ten sam vendor

RCE w Grafana przez SQL Expressions i plugin Enterprise (CVE-2026-27876)

CVE-2025-41115CRITICAL10.0PL ✓ten sam vendor

Grafana Enterprise: privilege escalation przez SCIM provisioning (LPE)

CVE-2024-9264CRITICAL9.4PL ✓ten sam vendor

Grafana: command injection i local file inclusion przez SQL Expressions (duckdb)