Skip to main content

Grafana MCP Server CVE-2026-15583

| EUVDEUVD-2026-44597 HIGH
Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
2026-07-15 GRAFANA GHSA-7cfp-pmw3-4j7r
8.6
CVSS 3.1 · Vendor: GRAFANA
Share

Severity by source

Vendor (GRAFANA) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vuln.today AI
8.6 HIGH

Unauthenticated network request with a single crafted header (AV:N/AC:L/PR:N/UI:N); token disclosure and reach into other systems drive C:H and S:C, with no direct integrity/availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (GRAFANA).

CVSS VectorVendor: GRAFANA

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 08:01 vuln.today
CVE Published
Jul 15, 2026 - 07:29 cve.org
HIGH 8.6

DescriptionCVE.org

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.

AnalysisAI

Server-side request forgery and credential theft in Grafana MCP Server lets an unauthenticated remote attacker steal the server's environment-configured Grafana service-account token by sending a crafted X-Grafana-URL request header, and pivot to reach arbitrary internal services including cloud metadata endpoints. The token grants the attacker the MCP server's full Grafana privileges, and the SSRF primitive exposes internal infrastructure behind the network perimeter. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed MCP server endpoint
Delivery
Send request with crafted X-Grafana-URL header
Exploit
Server makes authenticated outbound request to attacker host
Execution
Capture leaked Grafana service-account token
Persist
Redirect header to internal/metadata endpoints for SSRF
Impact
Access internal services with stolen credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires that a Grafana MCP Server instance be network-reachable by the attacker and that it be configured with a Grafana service-account token in its environment (the credential the flaw exfiltrates). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals align toward genuine priority rather than paper severity: the CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N describes network-reachable, low-complexity, unauthenticated exploitation with a scope change (base 8.6), which matches the description of a header-triggered token exfiltration plus SSRF. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet- or intranet-exposed Grafana MCP Server sends a request carrying a crafted X-Grafana-URL header pointing at an attacker-controlled server, and the MCP server obligingly makes an authenticated outbound request that leaks its Grafana service-account token to the attacker. Using the same primitive, the attacker sets the header to an internal address (for example a cloud metadata endpoint) to perform SSRF and harvest additional internal data or credentials. …
Remediation Patch available per vendor advisory - upgrade Grafana MCP Server to the fixed release identified in Grafana's advisory at https://grafana.com/security/security-advisories/cve-2026-15583 (no exact fix version is present in the provided data, so confirm the target version directly from that page). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Grafana MCP Server deployments and assess network exposure (public vs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-34111 CRITICAL POC
9.8 Jun 06

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerabili

CVE-2022-26148 CRITICAL POC
9.8 Mar 21

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this

CVE-2020-27846 CRITICAL POC
9.8 Dec 21

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2018-15727 CRITICAL POC
9.8 Aug 29

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat

CVE-2024-9264 CRITICAL POC
9.4 Oct 18

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input.

CVE-2023-36649 CRITICAL POC
9.1 Dec 12

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows re

CVE-2025-4123 HIGH POC
7.6 May 22

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire

CVE-2020-13379 HIGH POC
8.2 Jun 03

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS

CVE-2023-1387 HIGH POC
7.5 Apr 26

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-32276 HIGH POC
7.5 Jun 17

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. Rated high severity (

CVE-2022-32275 HIGH POC
7.5 Jun 06

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. Rated high

CVE-2021-43798 HIGH POC
7.5 Dec 07

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability

Share

CVE-2026-15583 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy