Using the $__timeGroup macro, an attacker can inject a negative interval that forces the SQL data source to repeatedly execute identical queries. The resulting prolonged memory consumption causes the Grafana server to run out of memory and enter an out‑of‑memory state. This denial of service manifests after a sustained period of resource usage and can take up to half an hour to crash the server. The impact is a temporary loss of availability; if the server is configured to auto‑restart, the effect is mitigated.

Grafana OSS installations that expose a SQL data source and employ the $__timeGroup macro in dashboards are vulnerable. All releases that include this macro should be considered at risk until an update is applied, as no specific version is listed.

The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the KEV catalog. Exploitation requires the ability to define or modify a query that uses the macro, which typically necessitates authenticated dashboard or query‑building privileges. Based on the description, it is inferred that an attacker needs such privileges. The attack can be carried out from within the Grafana UI, representing an internal or local threat that primarily compromises availability through resource exhaustion.