CVE-2026-15583 in MCP ServerИнформация

Сводка

по MITRE • 15.07.2026

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Ответственный

GRAFANA

Резервировать

13.07.2026

Раскрытие

15.07.2026

Модерация

принято

Вход

VDB-379202

EPSS

0.00312

KEV

Нет

Деятельности

Очень низкий

Источники

Interested in the pricing of exploits?

See the underground prices here!