Unrated severityNVD Advisory· Published Jun 22, 2026· Updated Jun 22, 2026

Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT

CVE-2026-28381

Description

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

Affected products

Grafana/Grafana Snowflake Datasourcellm-fuzzy

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

grafana.com/security/security-advisories/cve-2026-28381mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000