Grafana OOM from OpenFeature Unbounded Memory Read in Toggle Evaluator
CVE-2026-27880 Published on March 27, 2026

OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.

Vendor Advisory NVD

Products Associated with CVE-2026-27880

Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.

Grafana Labs Grafana

Affected Versions

Grafana:

Version v12.1.0 and below v12.1.10 is affected.
Version v12.2.0 and below v12.2.8 is affected.
Version v12.3.0 and below v12.3.6 is affected.
Version v12.4.0 and below v12.4.2 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Grafana OOM from OpenFeature Unbounded Memory Read in Toggle EvaluatorCVE-2026-27880 Published on March 27, 2026

Products Associated with CVE-2026-27880

Affected Versions

Exploit Probability

Grafana OOM from OpenFeature Unbounded Memory Read in Toggle Evaluator
CVE-2026-27880 Published on March 27, 2026