Grafana Tempo TraceQL OOM with Excessive Exemplars Hint
CVE-2026-27878 Published on June 19, 2026
Tempo TraceQL query with exemplar hint could result in unbounded memory usage
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-27878 has been classified to as a Resource Exhaustion vulnerability or weakness.
Affected Versions
Grafana Enterprise Traces (GET):- Version 2.6.1 and below 2.8.8 is affected.
- Version 2.6.0 and below 2.10.2 is affected.