CVE Catalog

CVE-2026-33375

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile - higher than 34% of all known CVEs

Summary

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

Risk Assessment

The organization may experience significant disruptions due to container crashes, impacting service availability.

Recommendation

It is recommended to update the plugin to the latest version to fix the logic flaw and restrict low-privileged users' access to critical API functions.

Original NVD description (English source)

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS