A vulnerability marked as problematic has been reported in Grafana MCP Server up to 0.17.1. This impacts an unknown function of the component URL Handler. This manipulation of the argument X-Grafana-URL causes server-side request forgery.
This vulnerability is handled as CVE-2026-15583. The attack can be initiated remotely. There is not any exploit available.