Fluid Attacks Database

Description

A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service (DoS) for the affected service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel10	grafana
rpm rhel9	grafana

Aliases

1. CVE-2026-278802. NVD-2026-278803. OSV-2026-27880

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.