{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/sqlexpression/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["grafana","rce","sqlexpression"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-27876 describes a critical vulnerability in Grafana that allows for remote arbitrary code execution (RCE). The vulnerability stems from a chained attack involving SQL Expressions and a Grafana Enterprise plugin. Successful exploitation requires the \u003ccode\u003esqlExpressions\u003c/code\u003e feature toggle to be enabled on the Grafana instance. Grafana Labs strongly recommends that all users update their Grafana instances to the latest version to mitigate the risk of exploitation, even if the \u003ccode\u003esqlExpressions\u003c/code\u003e…\u003c/p\u003e\n","date_modified":"2026-03-27T15:16:50Z","date_published":"2026-03-27T15:16:50Z","id":"/briefs/2026-03-grafana-rce/","summary":"A chained attack leveraging SQL Expressions and a Grafana Enterprise plugin, tracked as CVE-2026-27876, can lead to remote arbitrary code execution on vulnerable Grafana instances with the sqlExpressions feature enabled.","title":"Grafana Enterprise Plugin SQL Expression RCE via CVE-2026-27876","url":"https://feed.craftedsignal.io/briefs/2026-03-grafana-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Sqlexpression","version":"https://jsonfeed.org/version/1.1"}