Grafana is an open-source visualization and analytics software. It allows you to query, visualize, alert on, and explore your metrics and time-series database (TSDB) data.

Grafana

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern data centers. For each resource, Vault handles leasing, revocation, rolling, and auditing.

HashiCorp Vault

Prometheus is an open-source monitoring system with a dimensional data model, flexible query language, efficient time series database, and modern alerting approach.

Prometheus

Podman is an open-source project that is available on most Linux platforms and resides on GitHub. Podman is a daemonless container engine for developing, managing, and running Open Container Initiative (OCI) containers and container images on your Linux system. Podman provides a Docker-compatible command line front end that can simply alias the Docker CLI, `alias docker=podman`.

Podman

MinIO is a high-performance object storage that is API compatible with Amazon S3 cloud storage service. Use MinIO to build high-performance infrastructure for machine learning, analytics, and application data workloads.

MinIO

Atlantis is an application for automating Terraform via pull requests. It is deployed as a standalone application into your infrastructure.

Atlantis

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Golang, or Go, is an open-source programming language developed by Google.

Golang

Grafana Tempo is a distributed tracing backend that is optimized for high-scale and high-cardinality tracing data. It provides a scalable and efficient way to collect, store, and analyze tracing information, enabling insights into the performance and behavior of distributed applications.

Grafana Tempo

Thanos is an open-source project that extends the functionality of the Prometheus monitoring system by adding features like high availability and long-term historical data storage. Built to meet the requirements of scalability and reliability, Thanos allows seamless access to Prometheus data across different databases. It also uses a highly efficient compression algorithm, resulting in cost-effective storage.

Thanos

Infisical CLI is a command-line interface tool for managing secrets and configuration in development and production environments. It allows developers to securely store, retrieve, and manage sensitive information such as API keys, passwords, and other configuration data. The CLI integrates with the Infisical platform, enabling teams to centralize and control access to their secrets across various projects and environments.

Infisical CLI

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Linux openSUSE

Alpine Linux is a Linux distribution based on musl and BusyBox, designed for security, simplicity, and resource efficiency.

Linux Alpine

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-28292	CRITICAL	9.8	JavaScript	grafana-elasticsearch	No	Yes	Mar 10, 2026
CVE-2026-33186	CRITICAL	9.1	cAdvisor	blob-csi-1.24	No	Yes	Mar 20, 2026
CVE-2026-31802	HIGH	8.2	JavaScript	grafana-graphite	No	Yes	Mar 10, 2026
CVE-2026-32141	HIGH	7.5	JavaScript	grafana-prometheus	No	Yes	Mar 12, 2026
CVE-2026-27137	HIGH	7.5	Grafana	kubernetes-1.32	No	Yes	Mar 06, 2026

CVE-2026-27137:
Grafana vulnerability analysis and mitigation

7.5

Related Grafana vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-27137: Grafana vulnerability analysis and mitigation