CVE-2026-33378
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
Using the $__timeGroup macro can lead to an out-of-memory (OOM) condition by overloading the server. This requires a SQL datasource, and if the server is set up to auto-restart, the impact of the attack is minimal or non-existent.
Risk Assessment
The organization may experience downtime, but the risk is mitigated if the server can automatically restart.
Recommendation
It is recommended to monitor memory usage and consider restricting access to the $__timeGroup macro to minimize the risk of server overload.
Original NVD description (English source)
Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server.

