Overview
A critical remote code execution vulnerability, CVE-2024-9264, was discovered in Grafana versions 11.0.x through 11.2.x. The flaw allows any authenticated user with Viewer-level permissions or higher to execute arbitrary commands and read sensitive files on the underlying server by abusing the experimental SQL Expressions feature. The vulnerability arises from insufficient sanitization of user-supplied input before it is passed to the DuckDB CLI, which Grafana invokes to run SQL against the result set returned by a data source query. Grafana Labs assigned it a CVSS v3.1 score of 9.9 (Critical). A public proof-of-concept exploit was released shortly after disclosure, raising the urgency for affected organizations to patch immediately.
Affected Versions
The following Grafana versions are vulnerable:
- Grafana 11.0.x (prior to 11.0.5)
- Grafana 11.1.x (prior to 11.1.6)
- Grafana 11.2.x (prior to 11.2.1)
Grafana 10.x and earlier are not affected by this vulnerability. At the time of disclosure, a large number of Grafana instances running affected versions were found to be publicly exposed on the internet worldwide.
Why This Vulnerability Matters
Grafana is one of the most widely deployed observability and analytics platforms in the world, used across enterprises, cloud providers, financial institutions, healthcare organizations, and critical infrastructure operators. It sits at the intersection of data visibility and operational control, making it a high-value target.
CVE-2024-9264 breaks the assumption that low-privilege users pose limited risk. The vulnerability allows:
- Remote code execution by any authenticated user
- Arbitrary file reads from the server filesystem
- System compromise from accounts with no administrative rights
- Exploitation via API without requiring direct UI access
Any deployment running an affected Grafana 11.x version with DuckDB present in the server's $PATH should be treated as fully compromised if low-trust users have access.
What Is Grafana and the SQL Expressions Feature
Grafana is an open-source platform for monitoring and observability, used to visualize metrics, logs, and traces from a wide range of data sources. It allows teams to build dashboards powered by data from Prometheus, InfluxDB, PostgreSQL, and dozens of other backends.
SQL Expressions is an experimental feature introduced in Grafana 11 that allows users to post-process query outputs by running one or more SQL statements against the returned data. Internally, this works by passing the result set from the data source query along with the user-supplied SQL to the DuckDB CLI, which runs the SQL against that result set in memory. In simple terms, it gives users the ability to transform and filter dashboard data using raw SQL after it has been retrieved from a data source.
Due to an incorrect implementation of feature flags, this experimental feature was enabled by default for the Grafana API, even though it was not prominently surfaced in the UI.
Root Cause of CVE-2024-9264
The vulnerability was introduced alongside the SQL Expressions feature in Grafana 11. The core problem is straightforward: user-supplied SQL queries are passed to the DuckDB CLI without complete sanitization or input validation.
DuckDB supports SQL extensions that go beyond standard data manipulation. Critically, it provides functions capable of reading files from the local filesystem and executing shell commands. Because Grafana did not strip or escape these constructs before invoking the DuckDB CLI, an attacker could embed them directly in a crafted SQL expression and have them executed with the privileges of the Grafana server process.
The combination of incomplete input sanitization and the feature being inadvertently API-accessible by default created a straightforward exploitation path for any authenticated user.
How the Exploit Works
The exploit follows a clear and reproducible logic chain.
First, the attacker authenticates to Grafana using any account with Viewer permissions or higher. No administrative access is required. This lowers the bar for exploitation significantly in multi-user deployments.
Next, the attacker crafts a malicious SQL expression. DuckDB supports file-reading functions and shell-execution capabilities that are not restricted within Grafana's implementation. The attacker embeds one of these into a SQL expression submitted via the Grafana API, which accepts them even without the feature being visibly enabled in the UI.
Then, the attacker submits the expression. Grafana passes it to the DuckDB CLI running on the server without sanitizing the dangerous constructs. DuckDB executes the statement with the permissions of the Grafana process.
Finally, the payload runs. Depending on what the attacker injects, they can read arbitrary files from the server filesystem (Local File Inclusion), execute system commands (Remote Code Execution), exfiltrate credentials or configuration data, or establish a persistent foothold on the host.
A hard precondition is that the DuckDB binary must be installed and present in Grafana's $PATH. Grafana does not ship DuckDB by default, so exploitation requires that it was manually installed on the host. If DuckDB is not present, the system is not vulnerable. This significantly narrows the exploitable population, but DuckDB is commonly found in data-heavy environments, which are precisely the kind of organizations running Grafana 11.
Why Viewer Permissions Do Not Protect You Here
A critical aspect of this vulnerability is that Grafana's permission model provides no meaningful defense. The exploit works at the SQL expression evaluation layer, which passes user input directly to an external process before any dangerous construct can be intercepted. Any authenticated user, including those granted only read access to a single dashboard, can trigger the vulnerable code path via the API.
In many enterprise Grafana deployments, Viewer accounts are granted to broad populations of internal users or external stakeholders. This vulnerability turns every one of those accounts into a potential vector for full server compromise.
Impact
Successful exploitation allows an attacker to:
- Read sensitive files from the host system, including credentials, private keys, and configuration files
- Execute arbitrary operating system commands with Grafana process privileges
- Pivot to other systems accessible from the Grafana server
- Potentially achieve full host compromise if the Grafana process runs with elevated permissions
The vulnerability requires no user interaction beyond the attacker's own authenticated session and no special configuration beyond DuckDB being present in the path.
Remediation and Mitigation
Official Fix
The vulnerability was discovered internally by a Grafana Labs engineer and patched in the following versions:
- 11.0.5 and 11.0.6+security-01
- 11.1.6 and 11.1.7+security-01
- 11.2.1 and 11.2.2+security-01
The fix addresses the incomplete sanitization of SQL queries passed to the DuckDB CLI and corrects the feature flag implementation that caused the experimental feature to be API-accessible by default. Patches were also applied to Grafana Cloud. Organizations should upgrade to one of the patched releases immediately.
Recommended Actions
System administrators should:
- Upgrade Grafana to a patched version without delay
- Audit all Grafana 11.x deployments to confirm whether DuckDB is installed on the host
- Review server-side logs for anomalous SQL expression usage
- Restrict API access to authenticated users with a legitimate business need
Temporary Mitigation
If immediate patching is not possible, remove the DuckDB binary from Grafana's $PATH entirely. As long as DuckDB is not accessible to the Grafana process, the vulnerability cannot be exploited. Additionally, restrict access to Grafana's API and minimize the number of accounts with Viewer or higher permissions. These steps reduce exposure but are not a substitute for patching.
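The two checks above (is the installed version in an affected range, and is DuckDB reachable from the Grafana process) can be combined into one script. This is an added example, not code from Grafana Labs or the advisory; it is plain POSIX sh, encodes only the version ranges stated above, and assumes (unverified here) that grafana-server -v prints the version as the second word of its output.

```shell
#!/bin/sh
# Added example, not from the Grafana advisory: classify a Grafana version
# against the affected ranges above and combine it with the hard precondition
# (a duckdb binary reachable on PATH) to produce a single verdict.
# Return 0 if VERSION is in an affected range (11.0.x < 11.0.5,
# 11.1.x < 11.1.6, 11.2.x < 11.2.1), 1 if not, 2 if it cannot be parsed.
grafana_affected() {
    v=${1#v}          # tolerate a leading "v"
    v=${v%%+*}        # drop build metadata such as "+security-01"
    v=${v%%-*}        # drop pre-release tags such as "-pre"
    case "$v" in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*) return 2 ;;   # junk, empty part, 4 parts
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 11 ] || return 1
    case "$minor" in
        0) [ "$patch" -lt 5 ] ;;
        1) [ "$patch" -lt 6 ] ;;
        2) [ "$patch" -lt 1 ] ;;
        *) return 1 ;;
    esac
}

# Grafana invokes the DuckDB CLI by name, so a PATH lookup is the precondition.
duckdb_on_path() {
    command -v duckdb >/dev/null 2>&1
}

# Print one verdict word for version $1 and duckdb state $2 ("present"/"absent"),
# so the same logic works for a remote host whose PATH was inspected by hand.
assess() {
    rc=0; grafana_affected "$1" || rc=$?
    case $rc in
        0) if [ "$2" = present ]; then echo EXPLOITABLE; else echo AFFECTED; fi ;;
        1) echo PATCHED ;;
        *) echo UNKNOWN ;;
    esac
}

# Local check; assumes (not verified here) that grafana-server -v prints
# "Version X.Y.Z ..." so the version is the second word.
if command -v grafana-server >/dev/null 2>&1; then
    ver=$(grafana-server -v 2>/dev/null | awk '{print $2}')
    if duckdb_on_path; then d=present; else d=absent; fi
    echo "grafana $ver, duckdb $d: $(assess "$ver" "$d")"
fi
```

A verdict of EXPLOITABLE means both conditions hold on that host; AFFECTED means the version needs patching even though DuckDB is currently absent, since anyone later installing it reopens the path.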
Final Thoughts
CVE-2024-9264 is a textbook example of how experimental features, when insufficiently isolated, can undermine the security of an entire platform. SQL Expressions was designed to give users more flexibility in data processing. The decision to pass user-supplied SQL directly to an external CLI binary, without hardened sanitization, converted that flexibility into a remote code execution primitive accessible to the lowest-privileged users on the system.
A compounding factor was the feature flag bug that silently enabled API access to the experimental feature regardless of UI settings. Administrators had no straightforward way to know their instances were exposed.
Organizations should treat this vulnerability as a reminder that experimental features carry real security risk even when not prominently surfaced in the UI, that low-privilege users are not low-risk when the underlying platform has unsanitized input paths, and that invoking external binaries with user-controlled input is among the most dangerous patterns in application security.
If you are running Grafana 11.x, patching is not optional. The public availability of working exploits makes unpatched instances a matter of when, not if.
References
- Grafana Labs Blog Post: https://grafana.com/blog/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
- Grafana Labs Security Advisory: https://grafana.com/security/security-advisories/cve-2024-9264/
- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9264
- Public proof of concept: https://github.com/Exerrdev/CVE-2024-9264-Fixed.git