CVE-2026-33380EPSS p17.3%

CVE-2026-33380CVE-2026-33380

grafana / grafana

Description

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Scoring

CVSS 6.3 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS0.26% probability of exploitation · percentile 17.3% · 2026-06-19T12:03:05Z
Last modified2026-06-16
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.