Known Vulnerabilities for Tempo by Grafana
Listed below are 3 of the newest known vulnerabilities associated with "Tempo" by "Grafana".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-62147 json | The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response pat... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-28377 json | Not Provided | 2026-03-26 | 2026-03-31 | |
| CVE-2026-27878 json | A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amou... | Not Provided | 2026-06-19 | 2026-06-23 |
| CVE-2026-21728 json | Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, dependin... | Not Provided | 2026-04-24 | 2026-06-30 |
| CVE-2026-10601 json | A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintend... | Not Provided | 2026-06-22 | 2026-07-10 |
| CVE-2025-23868 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mliebelt Chess Tempo Vi... | Not Provided | 2025-01-16 | 2026-04-23 |