Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880

Grafana Blog

If you're running Grafana for LLM observability—tracking inference latency, token throughput, model costs, or RAG pipeline metrics—you need to patch immediately. Two vulnerabilities disclosed this week create real operational risk for production ML systems, and the attack surface is larger than it initially appears.

CVE-2026-27876 is the more severe issue. The SQL expressions feature, introduced in Grafana 11.6.0, allows arbitrary file writes that chain into remote code execution. The attack requires only Viewer-level permissions and the sqlExpressions feature toggle enabled. An attacker can overwrite Sqlyze database drivers or inject malicious AWS datasource configurations to achieve full RCE. Grafana Labs confirmed successful SSH access to the host in their testing. For LLMOps teams, this means anyone with dashboard access could potentially compromise the observability infrastructure that monitors your inference stack, exfiltrate prompt logs, or pivot to production model serving infrastructure if network segmentation is weak.

The practical exposure depends on your Grafana configuration. SQL expressions aren't enabled by default, but teams monitoring complex ML pipelines often enable them to transform query results—calculating P95 latency across model versions, aggregating token costs by customer tier, or correlating RAG retrieval quality with downstream accuracy metrics. If you've enabled this feature for custom LLM metrics dashboards, you're vulnerable. Check your Grafana config for the sqlExpressions feature toggle immediately.

CVE-2026-27880 is a simpler but still disruptive DoS vulnerability affecting Grafana 12.1.0 and later. The OpenFeature endpoints accept unbounded input without authentication, allowing memory exhaustion attacks. For ML platform teams, this translates to potential observability blackouts during critical incidents. If your inference monitoring goes dark during a model quality regression or cost spike, your mean time to detection extends significantly. The vulnerability is particularly concerning because it requires no authentication—any network-reachable attacker can trigger it.

The mitigation options reveal interesting tradeoffs. For CVE-2026-27876, disabling sqlExpressions is straightforward but breaks any custom SQL-based metric transformations. The alternative—updating Sqlyze and disabling AWS datasources—is operationally complex and may break existing dashboards pulling CloudWatch metrics for SageMaker endpoints or Bedrock usage. For CVE-2026-27880, deploying behind Cloudflare or configuring nginx payload limits adds latency and operational complexity, though the added latency is negligible for typical dashboard queries.

The timeline is notable: Grafana Cloud was patched within hours of internal discovery, and enterprise customers received patches two weeks before public disclosure. If you're running self-hosted Grafana for compliance or data residency reasons, you absorbed significantly more risk during that window. This argues for either managed Grafana deployments or extremely tight patch cycles for self-hosted instances monitoring production ML systems.

For immediate action: upgrade to Grafana 12.4.2 or the appropriate patched version for your release branch. If you can't upgrade immediately, disable sqlExpressions and deploy a reverse proxy with payload size limits. Verify your Grafana instance isn't directly exposed to the internet—common in hastily deployed ML observability stacks. Review who has Viewer or higher permissions, particularly for dashboards displaying sensitive prompt data or model performance metrics. The RCE vulnerability effectively grants any dashboard viewer potential host access, which is a significant privilege escalation in most ML platform security models.
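As an added example (not code from this post or from Grafana Labs), the following Python script performs the two checks the post asks for: whether the sqlExpressions feature toggle is enabled, read from a grafana.ini-style file or the GF_FEATURE_TOGGLES_ENABLE environment variable, and whether the running version falls inside the affected ranges stated above (SQL expressions from 11.6.0, OpenFeature endpoints from 12.1.0, patched at 12.4.2). The `[feature_toggles]` section layout, the comma- or space-separated `enable` list, and the environment-variable override are assumptions about Grafana's configuration format; the only patched release the script knows is 12.4.2 from the post, so older branches are reported as unpatched unless you pass your branch's patched version. `SAMPLE_INI` and `SAMPLE_HEALTH` are constructed inputs, and `version_from_health` assumes the `/api/health` JSON carries a `version` field.

```python
import configparser
import json
import os
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Boundaries taken from the advisory text. PATCHED_VERSION is the release the
# post tells readers to upgrade to; patched releases for other branches are
# not given in the post, so pass your own via the `patched` argument.
SQL_EXPRESSIONS_INTRODUCED: Version = (11, 6, 0)  # CVE-2026-27876
OPENFEATURE_AFFECTED_FROM: Version = (12, 1, 0)   # CVE-2026-27880
PATCHED_VERSION: Version = (12, 4, 2)

# Constructed sample config: a team enabled SQL expressions for custom LLM
# metric transforms. "exampleToggle" is a placeholder, not a real toggle.
SAMPLE_INI = """\
[server]
http_port = 3000

[feature_toggles]
; constructed sample
enable = sqlExpressions, exampleToggle
"""

# Constructed sample of the /api/health response (assumed to carry "version").
SAMPLE_HEALTH = '{"commit": "0000000", "database": "ok", "version": "12.3.0"}'


def parse_version(version: str) -> Version:
    """Turn '12.3.0', 'v12.3.0' or '12.3.0-pre' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_from_health(health_json: str) -> Version:
    """Extract the version from an /api/health JSON body (assumed 'version' key)."""
    return parse_version(json.loads(health_json)["version"])


def sql_expressions_enabled(ini_text: str, env: Optional[Dict[str, str]] = None) -> bool:
    """True if the sqlExpressions toggle is on in the ini text or the environment.

    Assumed toggle sources: the [feature_toggles] `enable` list (comma or space
    separated), an individual `sqlExpressions = true` key in that section, and
    the GF_FEATURE_TOGGLES_ENABLE environment variable, which adds to the file.
    """
    env = dict(os.environ) if env is None else env
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep toggle names case-sensitive (sqlExpressions)
    cp.read_string(ini_text)
    toggles = set()
    if cp.has_section("feature_toggles"):
        section = cp["feature_toggles"]
        toggles.update(n for n in re.split(r"[,\s]+", section.get("enable", "")) if n)
        toggles.update(k for k, v in section.items()
                       if k != "enable" and v.strip().lower() == "true")
    toggles.update(n for n in re.split(r"[,\s]+", env.get("GF_FEATURE_TOGGLES_ENABLE", "")) if n)
    return "sqlExpressions" in toggles


def assess(version: str, sql_expressions_on: bool,
           patched: Version = PATCHED_VERSION) -> Dict[str, str]:
    """Map each CVE from the post to an exposure verdict for this instance."""
    v = parse_version(version)
    findings: Dict[str, str] = {}
    if v >= patched:
        return {"CVE-2026-27876": "not affected: patched release",
                "CVE-2026-27880": "not affected: patched release"}
    if v < SQL_EXPRESSIONS_INTRODUCED:
        findings["CVE-2026-27876"] = "not affected: SQL expressions do not exist before 11.6.0"
    elif sql_expressions_on:
        findings["CVE-2026-27876"] = "EXPOSED: sqlExpressions enabled on an unpatched release"
    else:
        findings["CVE-2026-27876"] = "mitigated: sqlExpressions disabled; upgrade anyway"
    if v < OPENFEATURE_AFFECTED_FROM:
        findings["CVE-2026-27880"] = "not affected: OpenFeature endpoints affected from 12.1.0"
    else:
        findings["CVE-2026-27880"] = ("EXPOSED: unauthenticated DoS on OpenFeature endpoints; "
                                      "upgrade or enforce proxy payload limits")
    return findings


if __name__ == "__main__":
    ver = version_from_health(SAMPLE_HEALTH)
    on = sql_expressions_enabled(SAMPLE_INI, env={})
    for cve, verdict in assess(".".join(map(str, ver)), on).items():
        print(f"{cve}: {verdict}")
```

Run it against your real `grafana.ini` (or the container's environment) and the body of `/api/health`; an `EXPOSED` verdict for CVE-2026-27876 means the Viewer-to-host path the post describes is open until you either upgrade or drop the toggle.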