CVE-2026-62147

CVE-2026-62147CVE-2026-62147

Description

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Last modified2026-07-13
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.