Unauthenticated Exfiltration via Confused-Deputy in Grafana MCP Server
CVE-2026-15583 Published on July 15, 2026
SSRF (confused deputy) in Grafana MCP Server via X-Grafana-URL header
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.
Weakness Type
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Products Associated with CVE-2026-15583
Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.
Affected Versions
Grafana MCP Server:- Version 0.0.0, <= 0.17.1 is affected.