Medium severity6.5NVD Advisory· Published May 13, 2026· Updated May 15, 2026
CVE-2026-28376
CVE-2026-28376
Description
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- grafana.com/security/security-advisories/cve-2026-28376nvdVendor Advisory
News mentions
0No linked articles in our index yet.