Filtered by vendor Grafana Subscriptions
Filtered by product Loki Datasource Subscriptions

Search

Switch to Advanced Search (Beta)
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-42129 1 Grafana 2 Grafana, Loki Datasource 2026-06-24 7.7 High
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal service information.