CVE-2026-15583 - SSRF (confused deputy) in Grafana MCP Server via X-Grafana-URL header
CVE ID :CVE-2026-15583 Published : July 15, 2026, 8:16 a.m. | 17 minutes ago Description :A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL...