Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Unauthenticated network request with a single crafted header (AV:N/AC:L/PR:N/UI:N); token disclosure and reach into other systems drive C:H and S:C, with no direct integrity/availability impact.
Primary rating from Vendor (GRAFANA).
CVSS VectorVendor: GRAFANA
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.
AnalysisAI
Server-side request forgery and credential theft in Grafana MCP Server lets an unauthenticated remote attacker steal the server's environment-configured Grafana service-account token by sending a crafted X-Grafana-URL request header, and pivot to reach arbitrary internal services including cloud metadata endpoints. The token grants the attacker the MCP server's full Grafana privileges, and the SSRF primitive exposes internal infrastructure behind the network perimeter. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a Grafana MCP Server instance be network-reachable by the attacker and that it be configured with a Grafana service-account token in its environment (the credential the flaw exfiltrates). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals align toward genuine priority rather than paper severity: the CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N describes network-reachable, low-complexity, unauthenticated exploitation with a scope change (base 8.6), which matches the description of a header-triggered token exfiltration plus SSRF. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach an internet- or intranet-exposed Grafana MCP Server sends a request carrying a crafted X-Grafana-URL header pointing at an attacker-controlled server, and the MCP server obligingly makes an authenticated outbound request that leaks its Grafana service-account token to the attacker. Using the same primitive, the attacker sets the header to an internal address (for example a cloud metadata endpoint) to perform SSRF and harvest additional internal data or credentials. … |
| Remediation | Patch available per vendor advisory - upgrade Grafana MCP Server to the fixed release identified in Grafana's advisory at https://grafana.com/security/security-advisories/cve-2026-15583 (no exact fix version is present in the provided data, so confirm the target version directly from that page). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Grafana MCP Server deployments and assess network exposure (public vs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerabili
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this
A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input.
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows re
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS
Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. Rated high severity (
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. Rated high
Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44597
GHSA-7cfp-pmw3-4j7r