CVE-2026-33381

Same vendor

• CVE-2026-33380 — A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem (6.3 MEDIUM)
• CVE-2026-33378 — Using the $__timeGroup macro, one can achieve an OOM by overloading the server (6.5 MEDIUM)
• CVE-2026-33377 — An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard (7.1 HIGH)
• CVE-2026-33376 — When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses (7.4 HIGH)
• CVE-2026-28383 — A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory (6.5 MEDIUM)

Same CWE

• CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)
• CVE-2026-50892 — Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attacke... (6.5 MEDIUM)
• CVE-2026-50891 — Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a cra... (8.1 HIGH)
• CVE-2026-50886 — Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources vi... (9.1 CRITICAL)
• CVE-2026-50885 — Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive... (7.5 HIGH)