Description
A resample query can be used to trigger out-of-memory crashes in Grafana.
Published: 2026-03-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Out-of-Memory
Action: Immediate Patch
AI Analysis

Impact

A resample query in Grafana can trigger uncontrolled memory allocation, causing the application to exhaust available memory and crash. The result is a denial of service that renders the dashboard unavailable until the process restarts. This flaw stems from an unbounded resource allocation weakness and does not compromise data confidentiality or integrity. It affects the query execution path within Grafana and can impact any user interacting with the platform when such queries are executed.

Affected Systems

The vulnerability applies to Grafana deployments that have not applied the latest fix. The advisory does not list a specific version range, so all installations are potentially affected unless they are running a patched release. Administrators should verify the Grafana version against the vendor’s update information and upgrade if necessary.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity risk. No EPSS data is available, and the vulnerability is not listed in the KEV catalog, suggesting no known active exploitation. The likely attack vector is a remote attacker who can submit queries to the Grafana instance, or an authenticated user who can craft large resample queries. Exploitation requires only the ability to send such a query; no privileged access or other vulnerabilities are needed. If the attack succeeds, the attacker can temporarily deny service to all users of the Grafana dashboard until the application restarts.

Generated by OpenCVE AI on March 27, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade Grafana to the latest released version as detailed in the official advisory, which fixes the unbounded memory allocation logic.
  • If an immediate upgrade is not possible, disable or restrict resample query functionality for users or enforce role‑based access controls to limit who can run large queries.
  • Configure Grafana’s memory limits or system resource limits to cap the maximum memory usage for query processing, reducing the impact of accidental or malicious over‑allocation.
  • Monitor Grafana logs for out‑of‑memory events and set alerts for abnormal memory usage so that incidents can be detected and responded to quickly.


Advisories

No advisories yet.

History

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

threat_severity

Moderate


Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Fri, 27 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description A resample query can be used to trigger out-of-memory crashes in Grafana.
Title Query resampling can cause unbounded memory allocations
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GRAFANA

Published:

Updated: 2026-03-27T14:28:56.133Z

Reserved: 2026-02-24T14:30:17.727Z

Link: CVE-2026-27879

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T15:16:51.187

Modified: 2026-03-27T15:16:51.187

Link: CVE-2026-27879

Redhat

Severity: Moderate

Public Date: 2026-03-27T14:28:56Z

Links: CVE-2026-27879 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T20:28:30Z

Weaknesses