Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Grafana prompt injection exfiltration security flaw

Vulnerability
First reported
Last updated
Happening score
H score 45
1 unique sources, 1 articles

Summary

Hide ▲

GrafanaGhost is a critical Grafana vulnerability that attackers are using to silently exfiltrate sensitive enterprise data from monitoring environments. The flaw bypasses client-side protections and AI guardrails, letting malicious inputs trigger outbound transfers to attacker-controlled servers. Because the abuse can run without user interaction or login credentials, it creates a stealthy data-loss risk for organizations relying on Grafana for operational visibility.

Related Happenings

Grafana Labs source code leak and extortion demand

Data Leak
First: 19.05.2026 12:15 Last: 19.05.2026 12:15 Sources 1

About this happening: The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...

Open Happening

Grafana Labs Says GitHub hit by cyberattack

Incident
First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

Open Happening

Grafana indirect prompt injection GrafanaGhost security flaw

Vulnerability
First: 07.04.2026 22:52 Last: 07.04.2026 22:52 Sources 1

About this happening: **Grafana**'s **AI components** had an **indirect prompt injection** flaw, **GrafanaGhost**, that could let attackers **exfiltrate sensitive data** from user-visible content and s...

Open Happening

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
First: 12.02.2026 23:34 Last: 12.02.2026 23:34 Sources 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

Open Happening

BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)

Vulnerability
First: 09.02.2026 10:03 Last: 09.02.2026 10:03 Sources 1

About this happening: **CVE-2026-1731** is a **critical pre-authentication OS command injection** in **BeyondTrust Remote Support** and **Privileged Remote Access** that can let an **unauthenticated at...

Latest development: 09.02.2026 15:07

BeyondTrust secured all RS/PRA cloud systems by February 2, 2026 and directed on-premises customers to manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later if automatic updates were not enabled.

Open Happening

Timeline

  1. 07.04.2026 17:00 2 articles · 1mo ago

    Noma identifies GrafanaGhost silent data-exfiltration flaw

    Initial Disclosure

    Noma's Threat Research Team identified GrafanaGhost, a critical vulnerability in Grafana environments that lets attackers silently exfiltrate sensitive enterprise data to attacker-controlled servers by chaining indirect prompt injection, protocol-relative URLs, and URL validation bypasses. The flaw operates without user interaction or login credentials and bypasses client-side protections and AI guardrails.

    Show sources
    Open in new tab