{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27880", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2026-02-24T14:30:17.727Z", "datePublished": "2026-03-27T14:12:20.075Z", "dateUpdated": "2026-03-27T14:43:46.925Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2026-03-27T14:28:54.183Z"}, "datePublic": "2026-03-27T14:08:45.874Z", "title": "OpenFeature evaluation API reads input data with no bounds", "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "affected": [{"vendor": "Grafana", "product": "Grafana", "platforms": ["Cloud", "OnPrem"], "defaultStatus": "unaffected", "versions": [{"version": "v12.1.0", "status": "affected", "versionType": "semver", "lessThan": "v12.1.10"}, {"version": "v12.2.0", "status": "affected", "versionType": "semver", "lessThan": "v12.2.8"}, {"version": "v12.3.0", "status": "affected", "versionType": "semver", "lessThan": "v12.3.6"}, {"version": "v12.4.0", "status": "affected", "versionType": "semver", "lessThan": "v12.4.2"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "INTERNAL_FINDING"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["broken-link"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:43:21.670196Z", "id": "CVE-2026-27880", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:43:46.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27880", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:43:21.670196Z"}}}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["broken-link"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:40:50.982Z"}}], "cna": {"title": "OpenFeature evaluation API reads input data with no bounds", "source": {"discovery": "INTERNAL_FINDING"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "Grafana", "product": "Grafana", "versions": [{"status": "affected", "version": "v12.1.0", "lessThan": "v12.1.10", "versionType": "semver"}, {"status": "affected", "version": "v12.2.0", "lessThan": "v12.2.8", "versionType": "semver"}, {"status": "affected", "version": "v12.3.0", "lessThan": "v12.3.6", "versionType": "semver"}, {"status": "affected", "version": "v12.4.0", "lessThan": "v12.4.2", "versionType": "semver"}], "platforms": ["Cloud", "OnPrem"], "defaultStatus": "unaffected"}], "datePublic": "2026-03-27T14:08:45.874Z", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2026-27880", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2026-03-27T14:28:54.183Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27880", "state": "PUBLISHED", "dateUpdated": "2026-03-27T14:43:46.925Z", "dateReserved": "2026-02-24T14:30:17.727Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2026-03-27T14:12:20.075Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes."}], "id": "CVE-2026-27880", "lastModified": "2026-03-30T13:26:29.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2026-03-27T15:16:51.323", "references": [{"source": "security@grafana.com", "url": "https://grafana.com/security/security-advisories/cve-2026-27880"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://grafana.com/security/security-advisories/cve-2026-27880"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation", "id": "2452295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452295"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service (DoS) for the affected service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-27880", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-27T14:12:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27880\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27880\nhttps://grafana.com/security/security-advisories/cve-2026-27880"], "threat_severity": "Important"}