HIGHCVE-2026-21728Published Modified CNA GRAFANA
CVE-2026-21728: Tempo query limit results in unbounded memory allocation
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- v2.11.0
- Affected Products
- 1
Fix available
v2.11.0
Affected packages
- Grafana / Tempo< v2.11.0 (from v1.3.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences