CVE-2026-27878
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A vulnerability in Grafana Tempo allows an authenticated user to execute a TraceQL query with a large exemplars hint value, causing excessive memory allocation and crashing the Tempo instance due to out-of-memory.
Risk Assessment
An attacker can perform a Denial of Service (DoS) attack on the Tempo service, causing it to crash and disrupting trace monitoring operations.
Recommendation
Immediately update Grafana Tempo to a version that limits the exemplars hint value in TraceQL queries, and implement memory limits for Tempo instances.
Original NVD description (English source)
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

