CyberRota Yorumu
Uzaktan istismar edilebilir olabilir.
CVE
CVE-2026-15583
Severity
HIGH
CVSS
8.6
EPSS
Yok
Orijinal NVD Açıklaması
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.