Grafana CVE-2021-43798 exploitation wave
Exploitation Wave
Summary
An active exploitation wave hit Grafana on September 28, with 110 unique malicious IPs launching automated attacks against the old CVE-2021-43798 path traversal flaw. The activity matters because the same vulnerability had already been abused in December 2021 zero-day attacks and remains a repeat target for opportunistic abuse. Targets were primarily located in the United States, Slovakia, and Taiwan, showing a broad multi-country reach. Administrators were advised to patch Grafana and block the identified IPs.
Related Happenings
MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)
Vulnerability
First: 05.05.2026 14:56
Last: 05.05.2026 14:56
Sources 1
About this happening:
**CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...
Grafana indirect prompt injection GrafanaGhost security flaw
Vulnerability
First: 07.04.2026 22:52
Last: 07.04.2026 22:52
Sources 1
About this happening:
**Grafana**'s **AI components** had an **indirect prompt injection** flaw, **GrafanaGhost**, that could let attackers **exfiltrate sensitive data** from user-visible content and s...
Grafana AI image-renderer prompt injection patch (GrafanaGhost)
Security Patch Release
First: 07.04.2026 22:52
Last: 07.04.2026 22:52
Sources 1
About this happening:
**Grafana** has **patched** the **GrafanaGhost** flaw in its **image renderer** and **Markdown component**, closing an AI prompt-injection path that could have exposed **sensitive...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
Oracle WebLogic actively exploited unauthenticated RCE flaw (CVE-2026-21962)
Vulnerability
First: 26.03.2026 18:00
Last: 26.03.2026 18:00
Sources 1
About this happening:
**Oracle WebLogic**'s **CVE-2026-21962** was being **actively exploited** almost immediately after public exploit code appeared, creating a **CVSS 10.0** unauthenticated RCE risk...
Timeline
- 04.10.2025 17:18 · 2 articles · 7mo ago
Grafana CVE-2021-43798 exploitation wave on September 28
Exploitation Observed
GreyNoise observed 110 unique malicious IPs, most of them from Bangladesh, launching attacks against Grafana instances on September 28. The activity targeted the path traversal flaw CVE-2021-43798 and affected systems in the United States, Slovakia, and Taiwan, with consistent destination ratios suggesting automation. Administrators were advised to patch Grafana, block the identified IP addresses, and check logs for path traversal requests that may return sensitive files.
Sources
- Massive surge in scans targeting Palo Alto Networks login portals — www.bleepingcomputer.com — 04.10.2025 17:18