CVE-2026-15583

Grafana · Grafana MCP Server

Grafana MCP Server is vulnerable to a confused-deputy attack, allowing unauthenticated remote attackers to exfiltrate service-account tokens via a crafted X-Grafana-URL header.

Executive summary

A high-severity confused-deputy flaw in Grafana MCP Server allows unauthenticated attackers to exfiltrate sensitive service-account tokens, risking full compromise of integrated systems.

Vulnerability

This is a confused-deputy vulnerability that occurs when the server processes a crafted X-Grafana-URL request header. The vulnerability is remotely exploitable by unauthenticated attackers, leading to the unauthorized disclosure of environment-configured tokens.

Business impact

The exfiltration of a Grafana service-account token grants the attacker the same permissions as the service account, which may include administrative access to Grafana and connected data sources. With a CVSS score of 8.6, this flaw poses a severe risk of lateral movement and large-scale data compromise within the infrastructure.

Remediation

Immediate Action: Upgrade Grafana MCP Server to the latest patched version provided by the vendor to prevent the processing of malicious URL headers.

Proactive Monitoring: Monitor network traffic and server logs for requests containing suspicious or anomalous X-Grafana-URL headers.

Compensating Controls: Implement network-level egress filtering to restrict the server from communicating with unauthorized or untrusted external URLs.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the potential for complete service-account compromise, immediate remediation is required. Security teams should identify all instances of the affected Grafana MCP Server and apply the vendor-provided updates to mitigate this vulnerability.