Grafana Tempo Large Limit Memory Allocation DoS
CVE-2026-21728 Published on April 24, 2026

Tempo query limit results in unbounded memory allocation
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

Vendor Advisory NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-21728 has been classified to as a Resource Exhaustion vulnerability or weakness.

Affected Versions

Grafana Tempo:

Version v1.3.0 and below v2.11.0 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Grafana Tempo Large Limit Memory Allocation DoSCVE-2026-21728 Published on April 24, 2026

Weakness Type

What is a Resource Exhaustion Vulnerability?

Affected Versions

Exploit Probability

Grafana Tempo Large Limit Memory Allocation DoS
CVE-2026-21728 Published on April 24, 2026