CVE-2026-33380
MEDIUM
NVD
CVSS Score
6.3
Severity
MEDIUM
Published
May 13, 2026
Vendor
unknown
Description
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.