A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.

Logging Subsystem for Red Hat OpenShift Not affected openshift-logging/lokistack-gateway-rhel9 Multicluster Global Hub Not affected multicluster-globalhub/multicluster-globalhub-grafana-rhel8 Multicluster Global Hub Affected multicluster-globalhub/multicluster-globalhub-grafana-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Affected rhacm2/acm-grafana-rhel9 Red Hat Ceph Storage 5 Affected rhceph/rhceph-5-dashboard-rhel8 Red Hat Ceph Storage 6 Affected rhceph/rhceph-6-dashboard-rhel9 Red Hat Ceph Storage 9 Affected rhceph/grafana-rhel10 Red Hat Enterprise Linux 10 Affected grafana Red Hat Enterprise Linux 9 Affected grafana Red Hat OpenShift distributed tracing 3 Affected rhosdt/tempo-gateway-rhel9 Red Hat OpenShift distributed tracing 3 Not affected rhosdt/tempo-query-rhel9 Red Hat OpenShift distributed tracing 3 Not affected rhosdt/tempo-rhel9 Red Hat OpenShift distributed tracing 3 Not affected rhosdt/tempo-rhel9-operator https://www.cve.org/CVERecord?id=CVE-2026-21728 https://nvd.nist.gov/vuln/detail/CVE-2026-21728 https://grafana.com/security/security-advisories/cve-2026-21728