CVE-2026-27878

Summary

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

Affected Software

VendorProductVersion RangeStatus
GrafanaEnterprise Traces (GET)2.6.1 < 2.8.8affected
GrafanaTempo2.6.0 < 2.10.2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References