PT-2026-57809 · Red Hat · Red Hat Openshift Distributed Tracing 3

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-62147

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-62147

Affected Products

Red Hat Openshift Distributed Tracing 3