What is the CVSS score of EUVD-2026-16636?

EUVD-2026-16636 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Grafana are affected by EUVD-2026-16636?

CVE-2026-27879 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Grafana EUVD-2026-16636

| CVE-2026-27879 MEDIUM

Uncontrolled Resource Consumption (CWE-400)

2026-03-27 GRAFANA

Grafana Denial Of Service Red Hat Suse

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SUSE

MEDIUM

qualitative

Red Hat

6.5 MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 10, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Mar 27, 2026 - 14:45 euvd

EUVD-2026-16636

Analysis Generated

Mar 27, 2026 - 14:45 vuln.today

CVE Published

Mar 27, 2026 - 14:28 nvd

MEDIUM 6.5

DescriptionCVE.org

A resample query can be used to trigger out-of-memory crashes in Grafana.

AnalysisAI

Grafana versions prior to patching are vulnerable to denial-of-service attacks via maliciously crafted resample queries that exhaust server memory and trigger out-of-memory crashes. Authenticated users with query execution privileges can exploit this low-complexity remote vulnerability to disrupt service availability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents a moderate real-world risk despite its 6.5 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated Grafana user with query execution permissions crafts a resample query containing parameters designed to force allocation of extremely large in-memory buffers (for example, requesting resampling of a massive time range into microsecond granularity with high cardinality dimensions). When submitted to the Grafana backend, the query processor begins buffering the entire result set in memory without bounds, quickly exhausting available heap space. …
Remediation	Apply the security patch released by Grafana as documented in the official security advisory at https://grafana.com/security/security-advisories/cve-2026-27879. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-11769 MEDIUM This Month

6.4 Jun 13

Privilege escalation in Grafana Operator (all versions ≤ 5.23) allows any user with Kubernetes RBAC permissions to creat

Vendor StatusVendor

SUSE

Severity: Medium

Product	Status
SUSE Linux Enterprise Module for Package Hub 15 SP7	Fixed
SUSE Manager Client Tools 15	Fixed
SUSE Manager Client Tools for SLE 15	Fixed
SUSE Multi-Linux Manager Client Tools for SLE 15	Fixed
openSUSE Leap 15.6	Fixed

EUVD-2026-16636 vulnerability details – vuln.today

Back

Grafana EUVD-2026-16636

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code