Grafana OAuth Login Repeated Calls Causing Unbounded Memory Growth (DoS)
CVE-2026-8609 Published on July 10, 2026
Pre-authentication denial of service via the OAuth login route
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-8609 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-8609
Want to know whenever a new CVE is published for Grafana Labs Grafana? stack.watch will email you.
Affected Versions
Grafana OSS:- Version 11.6.0, <= 11.6.14 is affected.
- Version 12.2.0, <= 12.2.8 is affected.
- Version 12.3.0, <= 12.3.6 is affected.
- Version 12.4.0, <= 12.4.3 is affected.
- Version 13.0.0, <= 13.0.1 is affected.