Grafana Tempo TraceQL OOM with Excessive Exemplars Hint
CVE-2026-27878 Published on June 19, 2026

Tempo TraceQL query with exemplar hint could result in unbounded memory usage
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

Vendor Advisory NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-27878 has been classified to as a Resource Exhaustion vulnerability or weakness.


Affected Versions

Grafana Enterprise Traces (GET): Grafana Tempo: