Namespace Redaction Flaw in Tempo Operator by Red Hat
CVE-2026-62147
6.5MEDIUM
What is CVE-2026-62147?
The Tempo Operator's gateway component contains a vulnerability that fails to consistently implement namespace-level redaction on certain query API response paths when query role-based access control (RBAC) is enabled. This oversight allows authenticated users to access span attributes belonging to namespaces of other tenants, leading to potential unauthorized data exposure.