
Grafana Tempo CVE-2026-27878

EUVD-2026-38066 | MEDIUM | 2026-06-19 | Vendor: GRAFANA | GHSA-6xff-cpcq-vpw2
CVSS 3.1 base score: 6.5

Severity by source

Vendor (GRAFANA), primary: 6.5 MEDIUM
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

vuln.today AI: 6.5 MEDIUM
Rationale: network-reachable query API that requires an authenticated low-privilege user; no complexity barrier; availability impact only (OOM crash); no scope change.
CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GRAFANA).

CVSS Vector (Vendor: GRAFANA)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Patch available: Jun 19, 2026 - 21:02 (EUVD)
Analysis generated: Jun 19, 2026 - 19:33 (vuln.today)

Description (CVE.org)

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

Analysis (AI)

Grafana Tempo and Grafana Enterprise Traces (GET) are vulnerable to an authenticated denial-of-service condition: submitting a TraceQL query containing an excessively large exemplars hint value causes the Tempo service to allocate unbounded memory until an out-of-memory crash occurs. Any authenticated user with query access (even a low-privileged one) can exploit this to take down the Tempo tracing backend, disrupting observability pipelines for the entire platform. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain low-privilege credentials for Grafana or Tempo API
Delivery: Craft TraceQL query with oversized exemplars hint value
Exploit: Submit query to Tempo query API endpoint
Execution: Tempo allocates unbounded memory buffer
Persist: OOM condition triggers process termination
Impact: Tempo service crashes, tracing unavailable

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a valid, low-privilege authenticated session against the Grafana or Tempo instance (confirmed by CVSS PR:L); unauthenticated exploitation is not possible. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects the threat model: network-reachable, low complexity, requiring only low-level authentication (any valid user account), with complete availability impact but no confidentiality or integrity impact. …

Exploit Scenario: An authenticated Grafana user (for example, a developer with Viewer or Editor access to a shared Tempo datasource) submits a crafted TraceQL query setting the exemplars hint to an extremely large integer (e.g., INT_MAX or similar) via the Grafana Explore panel or directly via the Tempo HTTP query API. The Tempo process attempts to allocate a memory buffer proportional to the hint value, rapidly exhausts available heap memory, and is killed by the OOM killer, taking down the entire Tempo service and disrupting distributed tracing for all dependent applications until the service is restarted. …

Remediation: Apply the vendor-released patch as documented in the Grafana security advisory at https://grafana.com/security/security-advisories/cve-2026-27878; the exact fixed version is not specified in the available intelligence and must be confirmed from that source before upgrading. …
