CVE Catalog

CVE-2026-33378

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile - higher than 24% of all known CVEs

Summary

Using the $__timeGroup macro can lead to an out-of-memory (OOM) condition by overloading the server. This requires a SQL datasource, and if the server is set up to auto-restart, the impact of the attack is minimal or non-existent.

Risk Assessment

The organization may experience downtime, but the risk is mitigated if the server can automatically restart.

Recommendation

It is recommended to monitor memory usage and consider restricting access to the $__timeGroup macro to minimize the risk of server overload.

Original NVD description (English source)

Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS