OpenFeature evaluation API reads input data with no bounds
High
| Advisory ID: | CVE-2026-27880 |
| Published: | 2026-03-30 |
| Product: | Grafana |
| CVSS Score: | 7.5 |
| CVSS Vector: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Fixed Versions: | <12.1.0 >=12.1.10 <12.2.0 >=12.2.8 <12.3.0 >=12.3.6 <12.4.0 >=12.4.2 |
Summary
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes.