Zero‑click Grafana AI attack can enable enterprise data exfiltration
Summary
GrafanaGhost is a critical vulnerability in Grafana (an open-source data visualization platform) that is exploited through indirect prompt injection: malicious instructions hidden in data that Grafana's built-in AI assistant processes. It lets an attacker steal sensitive enterprise data with no authentication and no user interaction (hence "zero-click"). The attack chains several weaknesses, including a URL-validation bypass and a bypass of the AI's safety guardrails, to make Grafana's AI send confidential information to attacker-controlled servers.
Solution / Mitigation
Grafana has released a fix for this issue. In addition, security experts recommend: identify exposure by checking whether Grafana's AI/LLM features are enabled; patch to the latest version; restrict the Content-Security-Policy "img-src" directive (which controls the origins a browser may load images from) to known domains; and apply egress controls (network rules that limit outbound traffic from the Grafana deployment) so that data cannot be carried out to an attacker-controlled server.
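The img-src recommendation is only useful if you can tell whether your current policy is actually restrictive. The following added example (written for this page, not code from Grafana or from the article) parses a Content-Security-Policy header and reports whether the effective image source list would let a rendered page pull images from arbitrary hosts, which is the condition the mitigation above is meant to close. The two CSP strings, the allow-list host grafana.example.internal, and the function names are constructed for illustration; the permissive policy is modelled on a "img-src * data:" default, the hardened one on an allow-listed variant.

```python
"""Check whether a Content-Security-Policy header restricts image loads
to known hosts, or leaves an open egress path via img-src."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample headers (not captured from a real Grafana instance).
PERMISSIVE_CSP = (
    "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-abc';"
    "object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;"
    "img-src * data:;base-uri 'self';connect-src 'self' grafana.com;"
)
HARDENED_CSP = (
    "script-src 'self' 'nonce-abc';object-src 'none';"
    "img-src 'self' data: https://grafana.example.internal;base-uri 'self';"
)

# Source expressions that match any host on the network.
SCHEME_WILDCARDS = {"*", "http:", "https:"}


@dataclass
class Finding:
    directive: str        # directive that governs image loads (img-src or default-src)
    sources: list[str]    # its source list as written in the header
    open_egress: bool     # True if an attacker-chosen host could be reached
    reason: str


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive-name: [source expressions]}."""
    directives: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def _host_of(source: str) -> str:
    """Reduce a host-source expression (scheme://host:port/path) to its host."""
    return re.sub(r"^https?://", "", source).split("/")[0].split(":")[0]


def check_img_src(header: str, allowed_hosts: set[str]) -> Finding:
    """Report whether the policy confines image loads to allowed_hosts.

    img-src takes precedence; default-src applies when img-src is absent.
    Keyword sources ('self', 'none', nonces) and data:/blob: never reach an
    external host, so they are not treated as egress paths.
    """
    csp = parse_csp(header)
    directive = "img-src" if "img-src" in csp else "default-src"
    sources = csp.get(directive)
    if sources is None:
        return Finding(directive, [], True,
                       "neither img-src nor default-src is set; any origin may be embedded")
    unexpected: list[str] = []
    for src in sources:
        if src in SCHEME_WILDCARDS:
            return Finding(directive, sources, True, f"{src} permits any host")
        if src.startswith("'") or src in ("data:", "blob:"):
            continue
        if _host_of(src) not in allowed_hosts:
            unexpected.append(src)
    if unexpected:
        return Finding(directive, sources, True,
                       "hosts outside the allow-list: " + ", ".join(unexpected))
    return Finding(directive, sources, False, "image loads restricted to known hosts")


if __name__ == "__main__":
    known = {"grafana.example.internal"}
    for name, csp in (("permissive", PERMISSIVE_CSP), ("hardened", HARDENED_CSP)):
        f = check_img_src(csp, known)
        print(f"{name:10s} {f.directive}: open_egress={f.open_egress} ({f.reason})")
```

Run it against the CSP header your Grafana front end actually returns (for example from the response to the login page), with allowed_hosts set to the domains your dashboards legitimately embed images from. A policy whose img-src contains "*" or a host you do not recognise is one an AI-rendered markdown image could use to carry data out; tightening it does not replace patching or the egress controls above, it just removes one of the exit routes. In Grafana the policy text is configured through the security settings in grafana.ini rather than by editing the header directly; the exact option names are not something this page states.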
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
Original source: https://www.csoonline.com/article/4155004/zero%e2%80%91click-grafana-ai-attack-can-enable-enterprise-data-exfiltration.html
First tracked: April 7, 2026 at 02:01 PM
Classified by LLM (prompt v3) · confidence: 92%