CVE-2026-15583
Grafana · Grafana MCP Server
Grafana MCP Server is vulnerable to a confused-deputy attack, allowing unauthenticated remote attackers to exfiltrate service-account tokens via a crafted X-Grafana-URL header.
Executive summary
A high-severity confused-deputy flaw in Grafana MCP Server allows unauthenticated attackers to exfiltrate sensitive service-account tokens, risking full compromise of integrated systems.
Vulnerability
This is a confused-deputy vulnerability that occurs when the server processes a crafted X-Grafana-URL request header. The vulnerability is remotely exploitable by unauthenticated attackers, leading to the unauthorized disclosure of environment-configured tokens.
Business impact
The exfiltration of a Grafana service-account token grants the attacker the same permissions as the service account, which may include administrative access to Grafana and connected data sources. With a CVSS score of 8.6, this flaw poses a severe risk of lateral movement and large-scale data compromise within the infrastructure.
Remediation
Immediate Action: Upgrade Grafana MCP Server to the latest patched version provided by the vendor to prevent the processing of malicious URL headers.
Proactive Monitoring: Monitor network traffic and server logs for requests containing suspicious or anomalous X-Grafana-URL headers.
Compensating Controls: Implement network-level egress filtering to restrict the server from communicating with unauthorized or untrusted external URLs.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for complete service-account compromise, immediate remediation is required. Security teams should identify all instances of the affected Grafana MCP Server and apply the vendor-provided updates to mitigate this vulnerability.