Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T19:28:26 grafana: Grafana Live: Denial of Service due to unbounded memory allocation via push endpoint 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-770

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.

A flaw was found in Grafana Live. An authenticated user with access to the Grafana Live API can exploit the push endpoint by sending a large or streaming request body. This can lead to unbounded memory allocation, potentially causing out-of-memory conditions and resulting in a Denial of Service (DoS) for the affected system.

Multicluster Global Hub Fix deferred multicluster-globalhub/multicluster-globalhub-grafana-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/acm-grafana-rhel9 Red Hat Ceph Storage 5 Not affected rhceph/rhceph-5-dashboard-rhel8 Red Hat Ceph Storage 6 Not affected rhceph/rhceph-6-dashboard-rhel9 Red Hat Ceph Storage 8 Fix deferred rhceph/grafana-rhel9 Red Hat Ceph Storage 9 Fix deferred rhceph/grafana-rhel10 Red Hat Enterprise Linux 10 Fix deferred grafana Red Hat Enterprise Linux 8 Fix deferred grafana Red Hat Enterprise Linux 9 Fix deferred grafana https://www.cve.org/CVERecord?id=CVE-2026-28376 https://nvd.nist.gov/vuln/detail/CVE-2026-28376 https://grafana.com/security/security-advisories/cve-2026-28376