CVE-2026-62147
EUVD-2026-4348913.07.2026, 12:16
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.