Grafana MSSQL Plugin OOM Crash via Viewer API Bypass
CVE-2026-33375 Published on March 26, 2026
Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-33375 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-33375
Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.
Affected Versions
Grafana OSS:- Version 11.6.0 and below 11.6.14+security-01 is affected.
- Version 12.1.0 and below 12.1.10+security-01 is affected.
- Version 12.2.0 and below 12.2.8+security-01 is affected.
- Version 12.3.0 and below 12.3.6+security-01 is affected.
- Version 12.4.0 and below 12.4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.