Grafana OOM Crash via Resample Query Abuse
CVE-2026-27879 Published on March 27, 2026
Query resampling can cause unbounded memory allocations
A resample query can be used to trigger out-of-memory crashes in Grafana.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-27879 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-27879
Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.
Affected Versions
Grafana:- Version 8.0.0 and below 11.6.14 is affected.
- Version 12.0.0 and below 12.1.10 is affected.
- Version 12.2.0 and below 12.2.8 is affected.
- Version 12.3.0 and below 12.3.6 is affected.
- Version 12.4.0 and below 12.4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.