CVE-2026-27878
- EPSS 0.24%
- Veröffentlicht 19.06.2026 19:02:27
- Zuletzt bearbeitet 29.06.2026 19:59:27
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service agai...
CVE-2026-21728
- EPSS 0.65%
- Veröffentlicht 24.04.2026 08:00:47
- Zuletzt bearbeitet 30.06.2026 03:17:24
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18)...
CVE-2026-28377
- EPSS 0.16%
- Veröffentlicht 26.03.2026 21:39:46
- Zuletzt bearbeitet 31.03.2026 19:00:15
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow fo...