Is Grafana affected by CVE-2026-27876?

A critical remote code execution vulnerability in Grafana enables authenticated administrators to achieve complete system compromise through a chained SQL expression attack.

CVE-2026-27876

EUVD-2026-16634 CRITICAL

2026-03-27 GRAFANA

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Apr 10, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Mar 27, 2026 - 14:45 euvd

EUVD-2026-16634

Analysis Generated

Mar 27, 2026 - 14:45 vuln.today

CVE Published

Mar 27, 2026 - 14:24 nvd

CRITICAL 9.1

Description

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

Analysis

Remote code execution is achievable in Grafana installations through a chained attack combining SQL Expressions with a Grafana Enterprise plugin, affecting both open-source and Enterprise deployments. The vulnerability requires high-privilege authenticated access (PR:H) but enables cross-scope impact with complete system compromise once exploited. …

Remediation

Within 24 hours: Audit all Grafana instances for sqlExpressions feature toggle status and disable the feature immediately on all affected deployments; restrict administrative access to Grafana to only essential personnel and enforce multi-factor authentication on all admin accounts. Within 7 days: Review access logs for suspicious administrative activity and credential compromise indicators; identify and isolate any Grafana Enterprise plugin deployments tied to SQL expression functionality. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +46

POC: 0

Vendor Status

CVE-2026-27876 vulnerability details – vuln.today

Back

CVE-2026-27876

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-27876

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code