Warning: Remote Code Execution & Injection vulnerabilities in Grafana, Patch Immediately!

Published: 30/03/2026
  • Last update: 30/03/2026
  • Affected software: Grafana versions < 12.4.2 (see the Grafana advisories below for the exact affected release lines)
  • Type: Remote Code Execution & Injection vulnerabilities
  • CVE/CVSS
    → CVE-2026-27876: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2026-27880: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Sources

Grafana - https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/
Grafana - https://grafana.com/security/security-advisories/cve-2026-27876/
Grafana - https://grafana.com/security/security-advisories/cve-2026-27880/

Risks

CVE-2026-27876 is a critical Grafana flaw that can allow remote arbitrary code execution on instances that have the sqlExpressions feature toggle enabled, while CVE-2026-27880 is a high-severity issue that can trigger out-of-memory crashes without any authentication.

Grafana is a monitoring and observability platform used to visualize and analyze data through dashboards and related features.

If exploited, these vulnerabilities could lead to data breaches, system compromise and operational downtime, impacting the confidentiality, integrity and availability of affected organisations' systems.

Description

A critical security vulnerability, CVE-2026-27876, has been identified in Grafana, where a chained attack involving SQL Expressions and a Grafana Enterprise plugin can lead to remote arbitrary code execution. According to Grafana's advisory, this issue is rated Critical with a CVSS score of 9.1, and only instances with the sqlExpressions feature toggle enabled are vulnerable. The CVSS vector requires a highly privileged account (PR:H), but the impact is still rated critical because the resulting code execution is not confined to Grafana itself (S:C). Instances that keep the toggle disabled are not affected by this issue, which makes checking the toggle a useful stopgap while patching is scheduled.

A second vulnerability, CVE-2026-27880, affects Grafana's OpenFeature feature-toggle evaluation endpoint, which can read unbounded values into memory and cause out-of-memory crashes. Grafana has classified CVE-2026-27880 as high severity; its vector (AV:N, PR:N) means no authentication is needed, so any network-reachable unpatched instance may face service disruption even without code execution.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable instances with the highest priority after thorough testing.

The vulnerabilities have been fixed in version 12.4.2 or higher.
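As an added example (not CCB's or Grafana's own code), the following Python check reads a Grafana instance's version string and its grafana.ini and reports exposure to both CVEs. It assumes the real `[feature_toggles]` section syntax (`enable = a,b` or `sqlExpressions = true`), the `GF_FEATURE_TOGGLES_ENABLE` environment override that Grafana honours for that setting, and 12.4.2 as the fixed release stated above; if Grafana also backported fixes to older release lines, extend FIXED_VERSION accordingly. The ini text and version strings in the block are constructed for the demonstration.

```python
"""
Exposure check for CVE-2026-27876 (RCE, needs sqlExpressions toggle) and
CVE-2026-27880 (unauthenticated OOM DoS) in Grafana.

Added example, not Grafana's or CCB's code. Assumptions:
  - grafana.ini [feature_toggles] enables toggles as `enable = a,b` or
    `sqlExpressions = true`, and GF_FEATURE_TOGGLES_ENABLE overrides the file
  - 12.4.2 is the first fixed release (from the advisory text above)
"""
import configparser
import os
import re

FIXED_VERSION = (12, 4, 2)
TOGGLE = "sqlExpressions"


def parse_version(v):
    """'12.3.1', 'v12.3.1' or '12.3.1+security-01' -> (12, 3, 1)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    return parse_version(version) >= FIXED_VERSION


def sql_expressions_enabled(ini_text, env=None):
    """True if the sqlExpressions toggle is on via environment or grafana.ini."""
    env = os.environ if env is None else env
    # Environment overrides win over the file, as with any GF_* setting.
    env_list = env.get("GF_FEATURE_TOGGLES_ENABLE", "")
    if TOGGLE in [t.strip() for t in env_list.split(",") if t.strip()]:
        return True
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep camelCase toggle names as written
    cp.read_string(ini_text)
    if not cp.has_section("feature_toggles"):
        return False
    sec = cp["feature_toggles"]
    enabled = [t.strip() for t in sec.get("enable", "").split(",") if t.strip()]
    if TOGGLE in enabled:
        return True
    return sec.get(TOGGLE, "false").strip().lower() == "true"


def assess(version, ini_text, env=None):
    """Summarise exposure: the RCE chain needs the toggle, the DoS does not."""
    patched = is_patched(version)
    toggle_on = sql_expressions_enabled(ini_text, env)
    return {
        "patched": patched,
        "sqlExpressions": toggle_on,
        "CVE-2026-27876": (not patched) and toggle_on,
        "CVE-2026-27880": not patched,
    }


# Constructed sample configurations for the demonstration.
SAMPLE_INI_EXPOSED = """\
[server]
http_port = 3000

[feature_toggles]
enable = publicDashboards,sqlExpressions
"""

SAMPLE_INI_CLEAN = """\
[feature_toggles]
sqlExpressions = false
"""

if __name__ == "__main__":
    # The running version can be taken from the unauthenticated /api/health
    # endpoint ({"version": "..."}); a constructed value is used here.
    print(assess("12.3.1", SAMPLE_INI_EXPOSED, env={}))
    print(assess("12.4.2", SAMPLE_INI_CLEAN, env={}))
```

A "patched": False result for any instance means CVE-2026-27880 applies regardless of configuration; a True for "sqlExpressions" on an unpatched instance means the critical RCE chain is reachable and disabling the toggle is a reasonable interim measure until the update is installed.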

Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

Grafana fixed version - https://github.com/grafana/grafana/releases/tag/v12.4.2