7.5

CVE-2026-21728

Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GrafanaTempo Version >= 1.3.0 < 2.8.4
GrafanaTempo Version >= 2.9.0 < 2.9.2
GrafanaTempo Version >= 2.10.0 < 2.10.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.463
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@grafana.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://grafana.com/security/security-advisories/cve-2026-21728
Broken Link
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:22423
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/errata/RHSA-2026:24503
https://access.redhat.com/security/cve/CVE-2026-21728
https://bugzilla.redhat.com/show_bug.cgi?id=2461395
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21728.json