EUVD-2026-38066

🗓️ 19 Jun 2026 19:02:27Reported by EUVDType

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service a...

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-27878	19 Jun 202619:02	–	attackerkb
CVE	CVE-2026-27878	19 Jun 202619:02	–	cve
Cvelist	CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage	19 Jun 202619:02	–	cvelist
NVD	CVE-2026-27878	19 Jun 202619:16	–	nvd
Positive Technologies	PT-2026-51011	19 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "6d8f3925-db93-3557-b9de-d3b099ac9111",
        "vendor": {
          "name": "Grafana"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "aa31f7db-0f6e-3551-aab1-54c251666f45",
        "product": {
          "name": "Enterprise Traces (GET)",
          "vendor": {
            "name": "Grafana"
          }
        },
        "product_version": "2.6.1 <2.8.8"
      },
      {
        "id": "f52a8913-1a17-3b2a-9c20-1cdeb6b621bc",
        "product": {
          "name": "Tempo",
          "vendor": {
            "name": "Grafana"
          }
        },
        "product_version": "2.6.0 <2.10.2"
      }
    ]
  }
]

Source	Link
grafana	www.grafana.com/security/security-advisories/cve-2026-27878

19 Jun 2026 19:03Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5