Vulnerabilities

CVE-2026-28377

by Fred · 26/03/2026

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.

Thanks to william_goodfellow for reporting this vulnerability.

More information : https://grafana.com/security/security-advisories/cve-2026-28377

Similar

Tags: Cybersecurity Alert