
Grafana Tempo Vulnerability Allows Information Disclosure

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 17th, 2026
Detected March 18th, 2026

Summary

CERT-Bund has issued a security advisory for Grafana Tempo, detailing a vulnerability (CVSS 7.5) that allows remote attackers to disclose information. Affected versions are prior to 2.10.3, impacting Linux and UNIX systems.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0764 concerning a high-severity vulnerability in Grafana Tempo, rated with a CVSS Base Score of 7.5. A remote, anonymous attacker can exploit the flaw to disclose information. The advisory covers Grafana Tempo versions prior to 2.10.3 running on Linux and UNIX operating systems.

Organizations using Grafana Tempo should immediately review their deployed versions and apply available mitigations or update to a patched version (2.10.3 or later) to prevent potential information disclosure. While the advisory indicates mitigation is available, prompt action is recommended to address the high severity of this vulnerability and protect sensitive data.

What to do next

  1. Review Grafana Tempo versions for instances prior to 2.10.3.
  2. Apply available mitigations or update to Grafana Tempo 2.10.3 or later.
  3. Assess potential information disclosure risks based on system configurations.

Source document (simplified)

[WID-SEC-2026-0764] Grafana Tempo: Vulnerability allows information disclosure

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.5 (medium)
  • Remote attack: yes
  • Date: 17.03.2026
  • Updated: 18.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

Grafana Tempo is a highly scalable, distributed tracing backend.

Products

17.03.2026
- Grafana Tempo <2.10.3

Attack

A remote, anonymous attacker can exploit a vulnerability in Grafana Tempo to disclose information.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 17th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
de

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Information Disclosure, Vulnerability Management
