CVE-2021-43798
Confirmed PUBLISHEDGrafana path traversal
1 day faster than CISA KEV
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
- CVE Published
- Dec 07, 2021
- Exploitation Reported
- Jun 01, 2026
- CVSS
- 7.5 High
- EPSS
- 88.8%
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| grafana |
grafana
|
>= 8.0.0, < 8.0.7 |
Affected |
| grafana |
grafana
|
>= 8.1.0, < 8.1.8 |
Affected |
| grafana |
grafana
|
>= 8.2.0, < 8.2.7 |
Affected |
| grafana |
grafana
|
= 8.3.0 |
Affected |
CVE References
- [oss-security] 20211209 CVE-2021-43798 Grafana directory traversal openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2021/12/09/2
- [oss-security] 20211210 CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2021/12/10/4
- GitHub — grafana/grafana github.com · CVE Record https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86...
- GitHub — grafana/grafana github.com · CVE Record https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113...
- packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Re...
Show 3 more references
- grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-4... grafana.com · CVE Record https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-...
- packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Travers... packetstormsecurity.com · CVE Record http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-T...
- security.netapp.com/advisory/ntap-20211229-0004 security.netapp.com · CVE Record https://security.netapp.com/advisory/ntap-20211229-0004/
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CVE First | 2026-06-01 10:41 UTC |
| CISA | 2026-06-02 14:05 UTC |
Scanner Artifacts
Nuclei and Metasploit references linked to this CVE.
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43798.yaml | Apr 25, 2025 |
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitation Status
Exploited in the wild
Recorded 2026-06-01 13:30:37 UTC · CISA
Proof of concept available
Recorded 2021-12-07 09:02:16 UTC · GitHub
Weaknesses (CWE)
-
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43798.yaml | Apr 25, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2025-03-06 17:31:27 UTC · 2 stars
Arbitrary file read in Grafana allows an attacker to read server files by abusing a path traversal.
github · Created 2024-10-05 18:51:12 UTC · 2 stars
Python implementation of a tool for decrypting and encrypting sensitive data in Grafana, specifically addressing the vulnerabilities associated with CVE-2021-43798. Grafana encrypts all data source passwords using the AES algorithm with the secret_key found in the defaults.ini configuration file.
github · Created 2024-07-02 08:43:45 UTC · 3 stars
Grafana Decryptor for CVE-2021-43798
github · Created 2024-03-04 18:32:21 UTC · 4 stars
A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal
github · Created 2023-10-26 14:21:49 UTC · 0 stars
github · Created 2022-10-08 15:31:19 UTC · 3 stars
Grafana - Directory Traversal and Arbitrary File Read
github · Created 2022-01-08 02:58:18 UTC · 5 stars
github · Created 2021-12-11 18:49:30 UTC · 40 stars
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).
github · Created 2021-12-11 16:24:58 UTC · 1 stars
CVE-2021-43798 is a vulnerability marked as High priority (CVSS 7.5) leading to arbitrary file read via installed plugins in Grafana application.
github · Created 2021-12-09 11:25:47 UTC · 2 stars
CVE-2021-43798Exp多线程批量验证脚本
github · Created 2021-12-09 09:53:25 UTC · 9 stars
Grafana-POC任意文件读取漏洞(CVE-2021-43798)
github · Created 2021-12-09 09:48:40 UTC · 5 stars
Simple program for exploit grafana
github · Created 2021-12-08 14:14:38 UTC · 4 stars
github · Created 2021-12-08 03:43:31 UTC · 17 stars
grafana CVE-2021-43798任意文件读取漏洞POC,采用多插件轮训检测的方法,允许指定单URL和从文件中读取URL
github · Created 2021-12-07 14:06:26 UTC · 11 stars
Grafanav8.*版本任意文件读取漏洞批量检测工具:该漏洞目前为0day漏洞,未授权的攻击者利用该漏洞,能够获取服务器敏感文件。
github · Created 2021-12-07 12:47:58 UTC · 25 stars
CVE-2021-43798:Grafana 任意文件读取漏洞
github · Created 2021-12-07 10:43:30 UTC · 14 stars
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
github · Created 2021-12-07 09:02:16 UTC · 358 stars
Grafana Unauthorized arbitrary file reading vulnerability
github · Created 2021-12-07 08:59:11 UTC · 27 stars
Grafana Arbitrary File Reading Vulnerability
github · Created 2021-12-06 20:10:23 UTC · 37 stars
CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)
nuclei · Created Unknown
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
14:05 UTC about 2 months ago14:05 UTC · about 2 months ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
10:41 UTC about 2 months ago10:41 UTC · about 2 months ago
Added to KEVIntel KEV Feed
High-confidence, third-party attested exploitation
-
00:00 UTC about 1 year ago00:00 UTC · about 1 year ago
Nuclei template available
Scanner coverage available
-
18:25 UTC over 4 years ago18:25 UTC · over 4 years ago
CVE published
Vulnerability disclosed publicly
-
09:02 UTC over 4 years ago09:02 UTC · over 4 years ago
Public PoC available
Public proof-of-concept code published
-
00:00 UTC over 4 years ago00:00 UTC · over 4 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2021-43798
{
"cve_id": "CVE-2021-43798",
"title": "Grafana path traversal",
"affected_vendor": "grafana",
"affected_product": "grafana",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 7.5,
"epss_score": 0.88849,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}