Product
Grafana has published security advisories for vulnerabilities in Grafana MCP Server (CVE-2026-15583), leading to server-side request forgery, and Grafana Loki (CVE-2026-21729), resulting in unbounded memory allocation and denial of service, impacting versions 0.17.1 and prior for MCP Server and 3.7.0 and prior for Loki, urging users to update to mitigate potential exploitation.