CVE-2026-15583 in MCP Serverinformação

Sumário

de MITRE • 15/07/2026

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

GRAFANA

Reservar

13/07/2026

Divulgação

15/07/2026

Moderação

aceite

Entrada

VDB-379202

CPE

pronto

EPSS

0.00312

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!