A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud metadata endpoints.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-15583 exploits a confused-deputy vulnerability in Grafana MCP Server where unauthenticated attackers manipulate the X-Grafana-URL request header to trick the server into exposing its service-account token and enabling Server-Side Request Forgery (SSRF) attacks. This is particularly dangerous because it requires no authentication, affects organizations running Grafana MCP Server without proper input validation, and compromises the foundational trust model of the application. The exposed service-account token grants full administrative access to connected Grafana instances, while SSRF capabilities allow attackers to pivot to cloud metadata endpoints (AWS, Azure, GCP) and internal services—turning a single vulnerability into a springboard for lateral movement and credential harvesting at scale.
While this CVE currently maps to zero Casky skills due to the absence of mapped MITRE ATT&CK techniques, Casky's Claude AI-powered extended reasoning would detect the underlying attack patterns across multiple domains: credential theft via Credential Access techniques (T1528, T1552), SSRF exploitation under Network Service Scanning (T1046), and exploitation of trust relationships (T1199). A practitioner using Casky would observe findings highlighting suspicious HTTP request header manipulation, anomalous outbound connections to cloud metadata endpoints (169.254.169.254, http://metadata.google.internal), and unauthorized token-based authentication events. As the threat landscape evolves and this CVE receives formal MITRE mappings, Casky would enable detection of header-injection attack patterns, anomalous service-account token usage, and internal service reconnaissance—providing practitioners with the behavioral context needed to identify both initial compromise and post-exploitation activity.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-15583. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation