Vulnerabilities (CVE)

Filtered by vendor Grafana Subscribe
Filtered by product Loki Datasource
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-42129 1 Grafana 1 Loki Datasource 2026-06-30 N/A 7.7 HIGH
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints (e.g. /config, /services, /ready) to extract sensitive backend configuration and internal service information.