CVE-2026-62147
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/07/2026
Last modified:
13/07/2026
Description
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM



