CVE-2026-42127

Grafana · Grafana Enterprise

An unauthenticated memory exhaustion vulnerability exists in the Grafana Enterprise public dashboard query endpoint due to missing request body size validation.

Executive summary

Grafana Enterprise is vulnerable to a remote denial-of-service attack that allows unauthenticated attackers to trigger excessive memory allocation.

Vulnerability

This vulnerability is an improper input validation flaw affecting the public dashboard query endpoint. Because the endpoint does not bound the size of the request body before parsing it, an unauthenticated attacker can send oversized JSON payloads that force the application to consume excessive system memory, leading to service disruption.

Business impact

Successful exploitation of this vulnerability results in service downtime, potentially rendering dashboards and critical data visualizations inaccessible to users. With a CVSS score of 7.5, this high-severity flaw poses a significant risk to operational continuity, especially for organizations that rely on Grafana for real-time monitoring and incident response.

Remediation

Immediate Action: Update to the latest version of Grafana Enterprise as soon as a patch is released by the vendor.

Proactive Monitoring: Monitor server memory utilization metrics and investigate sudden spikes in request payloads targeting the dashboard query endpoints.

Compensating Controls: Implement a Web Application Firewall (WAF) to enforce strict request body size limits on incoming traffic to the Grafana dashboard endpoints.
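The application-layer form of this control, as an added example that is not Grafana's code: the JSON body is wrapped in `http.MaxBytesReader` before decoding, so an oversized payload is cut off at the cap and answered with 413 instead of being buffered into memory. The route, the 1 MiB limit and the `queryRequest` type are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxQueryBody is an assumed cap for a dashboard query body; tune it to real payload sizes.
const maxQueryBody int64 = 1 << 20 // 1 MiB

// queryRequest is a constructed stand-in for the query payload, not Grafana's real type.
type queryRequest struct {
	Queries []map[string]any `json:"queries"`
}

// decodeQuery wraps the body in http.MaxBytesReader before JSON decoding, so the decoder
// stops at the limit instead of buffering an unbounded payload; it also returns the HTTP status.
func decodeQuery(w http.ResponseWriter, r *http.Request, limit int64) (*queryRequest, int, error) {
	r.Body = http.MaxBytesReader(w, r.Body, limit)
	var q queryRequest
	if err := json.NewDecoder(r.Body).Decode(&q); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			return nil, http.StatusRequestEntityTooLarge, err // 413: cap hit
		}
		return nil, http.StatusBadRequest, err // 400: malformed JSON
	}
	return &q, http.StatusOK, nil
}

// handleQuery is the hardened endpoint handler built on decodeQuery.
func handleQuery(w http.ResponseWriter, r *http.Request) {
	if _, status, err := decodeQuery(w, r, maxQueryBody); err != nil {
		http.Error(w, http.StatusText(status), status)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// postStatus posts a constructed body to an assumed route and returns the response status.
func postStatus(body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/api/public/dashboards/query", strings.NewReader(body))
	handleQuery(rec, req)
	return rec.Code
}
```

Calling `postStatus` with a normal query returns 200, while a body above the cap returns 413 before the full payload is read. A WAF limit in front of the service and this in-process cap complement each other; the latter also protects traffic that bypasses the proxy.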

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the ease of exploitation by unauthenticated remote attackers, this vulnerability represents a significant risk to system availability. Administrators should prioritize identifying vulnerable instances and apply official vendor patches immediately upon availability to prevent potential denial-of-service attacks.