Lucene search
K

1226 matches found

OSV
OSV
added 2026/04/24 9:30 a.m.64 views

GHSA-P4R4-XVRQ-GVMC Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/24 9:30 a.m.24 views

Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/04/24 9:16 a.m.11 views

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS0.00645EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:0 a.m.10 views

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/04/24 8:0 a.m.57 views

CVE-2026-21728

CVE-2026-21728 affects Grafana Tempo: queries with large limits can trigger large memory allocations, potentially impacting service availability depending on deployment. Technical detail across sources confirms the issue arises from unbounded or excessive memory usage during large-limit tempo que...

7.5CVSS7AI score0.00645EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 8:0 a.m.4 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 8:0 a.m.53 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS0.00645EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 8:0 a.m.4 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/24 8:0 a.m.7 views

EUVD-2026-25408

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.2AI score0.00645EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.17 views

PT-2026-34868

Name of the Vulnerable Software and Affected Versions Tempo affected versions not specified Description Queries with large limits can cause excessive memory allocations, which may impact service availability depending on the deployment strategy. Recommendations Set the max result limit in the...

7.5CVSS5.9AI score0.00645EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23931

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6
OSV
OSV
added 2026/04/20 6:31 p.m.7 views

GHSA-QC5J-2MQX-X83Q Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 p.m.10 views

Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/04/20 6:16 p.m.12 views

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS0.00264EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 5:48 p.m.4 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/20 5:48 p.m.31 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:48 p.m.4 views

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/20 5:48 p.m.2 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS6AI score0.00264EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33823

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the local root directory of the tool’s result media path, allowing arbitra...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder