CVE Catalog

CVE-2026-28381

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The Snowflake datasource vulnerability allows GET/PUT commands, enabling any user with query access to read/write files between the local Grafana server and the connected Snowflake host.

Risk Assessment

The risk involves unauthorized file access and modification on the Grafana server, potentially leading to data leakage or system integrity compromise.

Recommendation

Immediately restrict user permissions to the Snowflake datasource and implement appropriate firewall rules and access controls to prevent unauthorized GET/PUT operations.

Original NVD description (English source)

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS