CVE-2026-21728

Summary

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

Affected Software

VendorProductVersion RangeStatus
GrafanaTempov1.3.0 < v2.11.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

grafana/tempo: Tempo: Denial of Service via large queries

Additional References

References