CVE-2026-21728 | THREATINT

Description

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

PUBLISHED Reserved 2026-01-05 | Published 2026-04-24 | Updated 2026-04-24 | Assigner GRAFANA

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Product status

Default status

unaffected

v1.3.0 (semver) before v2.11.0

affected

References

grafana.com/security/security-advisories/cve-2026-21728 vendor-advisory

cve.org (CVE-2026-21728)

nvd.nist.gov (CVE-2026-21728)

Download JSON