PT-2026-34868 · Grafana · Tempo
Published
2026-04-24
·
Updated
2026-04-24
·
CVE-2026-21728
CVSS v3.1
7.5
High
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.
Mitigation can be done by setting max result limit in the search config, e.g. to 262144 (2^18).
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tempo