High severity7.5NVD Advisory· Published Mar 27, 2026· Updated May 10, 2026
CVE-2026-27880
CVE-2026-27880
Description
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.
Affected products
21- osv-coords19 versionspkg:apk/chainguard/grafana-11.5pkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-12.0pkg:apk/chainguard/grafana-12.1pkg:apk/chainguard/grafana-12.2pkg:apk/chainguard/grafana-12.3pkg:apk/chainguard/grafana-fips-11.5pkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.0pkg:apk/chainguard/grafana-fips-12.1pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/wolfi/grafana-11.5pkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-12.0pkg:apk/wolfi/grafana-12.1pkg:apk/wolfi/grafana-12.2pkg:apk/wolfi/grafana-12.3pkg:bitnami/grafana
< 11.5.10-r2+ 18 more
- (no CPE)range: < 11.5.10-r2
- (no CPE)range: < 11.6.14.01-r2
- (no CPE)range: < 12.0.10-r0
- (no CPE)range: < 12.1.10.01-r2
- (no CPE)range: < 12.2.8.01-r2
- (no CPE)range: < 12.3.6-r1
- (no CPE)range: < 11.5.10-r3
- (no CPE)range: < 11.6.14-r2
- (no CPE)range: < 12.0.10-r2
- (no CPE)range: < 12.1.10.01-r0
- (no CPE)range: < 12.2.8.01-r0
- (no CPE)range: < 12.3.6.01-r0
- (no CPE)range: < 11.5.10-r2
- (no CPE)range: < 11.6.14.01-r2
- (no CPE)range: < 12.0.10-r0
- (no CPE)range: < 12.1.10.01-r2
- (no CPE)range: < 12.2.8.01-r2
- (no CPE)range: < 12.3.6-r1
- (no CPE)range: >= 12.1.0, < 12.1.10
Patches
Vulnerability mechanics
References
1- grafana.com/security/security-advisories/cve-2026-27880nvdVendor Advisory
News mentions
0No linked articles in our index yet.