my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #grafana

Three CVEs in Flowise, a Prompt Injection in Grafana, and the Growing Case That Your AI Stack Is the Target

John Z Black Apr 8, 2026

AI Security #ai-security #flowise #grafana #prompt-injection #mcp #rce

Flowise has a perfect 10.0 CVSS under active exploitation. GrafanaGhost injects prompts through metric names. The attack surface isn't the AI model. It's everything around it.

Read More