Grafana Files or Directories Accessible to External Parties Vulnerability - CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server39s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.