Grafana Tempo High-Severity Vulnerability Fixed CVE-2026-21728

Summary

ACN Italy issued Alert AL05/260424/CSIRT-ITA notifying that a high-severity denial-of-service vulnerability has been fixed in Grafana Tempo, an open-source component of the LGTM observability stack (Loki, Grafana, Tempo, Mimir). The vulnerability, CVE-2026-21728, affects all Grafana Tempo versions from v1.3.0 through v2.11.0 (exclusive) and could allow a remote attacker to compromise service availability on affected systems. ACN rates the system impact as Medium (63.46) and recommends updating vulnerable installations per the vendor security bulletin at grafana.com.

Why this matters

Organisations running Grafana Tempo should verify their deployed version against the affected range (v1.3.0 up to, but not including, v2.11.0) as a priority; the DoS impact on availability is the key operational risk. This alert applies to any entity using Grafana Tempo for distributed tracing, regardless of industry, because Tempo is a core component of the open-source LGTM observability stack widely deployed in production environments.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by ACN on acn.gov.it. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

What changed

ACN Italy published a security alert notifying of a fixed high-severity vulnerability in Grafana Tempo (CVE-2026-21728). The vulnerability, rated High severity with a Medium system impact score (63.46), affects all Grafana Tempo versions from v1.3.0 to v2.11.0 (exclusive). A remote attacker could exploit this flaw to compromise service availability on affected systems.

Organisations running Grafana Tempo within the vulnerable version range should update immediately to a patched version. The alert does not indicate active exploitation but notes the availability impact could be significant. Security teams responsible for LGTM-stack deployments should verify their Tempo installations and apply vendor-recommended patches.

What to do next

  1. Update Grafana Tempo to a patched version per the vendor security bulletin at grafana.com/security/security-advisories/cve-2026-21728

Archived snapshot

Apr 25, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


Vulnerability fixed in Grafana Tempo

**Alert**

AL05/260424/CSIRT-ITA

Summary

Security updates have been released to fix a "high" severity vulnerability in Grafana Tempo, an open-source component of the LGTM stack (Loki, Grafana, Tempo, Mimir). If exploited, this vulnerability could allow a remote malicious user to compromise the availability of the service on affected systems.

Type

  • Denial of Service

Affected products and/or versions

Grafana Tempo

  • versions from v1.3.0 to v2.11.0 (excluded)

Mitigation actions

In line with the vendor's statements, it is recommended to update the vulnerable products following the guidance in the security bulletin listed in the References section.

CVE (1)

| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-21728 | - | - |

References (1)

  1. https://grafana.com/security/security-advisories/cve-2026-21728

Change log

| Version | Notes | Date |
| --- | --- | --- |
| 1.0 | Published on 24-04-2026 | 24/04/2026 |

Systemic impact

Medium (63.46)

Topics

Publication date

24/04/26, 15:53

Last update date

24/04/26, 15:53

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ACN.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

  • Agency: ACN
  • Published: April 24th, 2026
  • Instrument: Guidance
  • Branch: Executive
  • Source language: it
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive

Who this affects

  • Applies to: Technology companies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability remediation, Software patching, Observability infrastructure
  • Geographic scope: IT

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Data Privacy, Software & Technology
