CyberRota
← Ana sayfaya dön

CVE-2026-15583

HIGH · CVSS 8.6

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T08:16:22.977 · Çekilme zamanı: 2026-07-15T12:06:57.199523+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

CVE
CVE-2026-15583
Severity
HIGH
CVSS
8.6
EPSS
Yok

Orijinal NVD Açıklaması

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.