Vulnerability Details CVE-2026-28381
The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.5%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2026-28381
-
cpe:2.3:a:grafana:snowflake:1.14.10
-
cpe:2.3:a:grafana:snowflake:1.14.12
-
cpe:2.3:a:grafana:snowflake:1.14.7
-
cpe:2.3:a:grafana:snowflake:1.14.8
-
cpe:2.3:a:grafana:snowflake:1.14.9