Snowflake Datasource
Arbitrary file read and write in the Grafana Snowflake datasource plugin (versions 1.14.7 through 1.14.12) allows authenticated users with query permissions to invoke Snowflake GET/PUT commands and transfer files between the Grafana server's local filesystem and the connected Snowflake host. The CVSS 9.6 score reflects a scope-changing flaw (S:C) where low-privileged datasource users can pivot beyond the plugin's intended trust boundary; no public exploit identified at time of analysis.