Nixpkgs security tracker
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Tempo TraceQL query with exemplar hint could result in unbounded memory usage
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.
References
-
https://grafana.com/security/security-advisories/cve-2026-27878 vendor-advisory
Affected products
- <2.10.2
- <2.8.8
Matching in nixpkgs
pkgs.tempo
High volume, minimal dependency trace storage
pkgs.temporal
Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability
pkgs.tempora_lgc
Tempora font
pkgs.temporal-cli
Command-line interface for running Temporal Server and interacting with Workflows, Activities, Namespaces, and other parts of Temporal
pkgs.temporal_capi
A Rust implementation of ECMAScript's Temporal API
pkgs.temporal-ui-server
Golang Server for Temporal Web UI
pkgs.gnomeExtensions.tempomate
Effortless time tracking in Jira Tempo timesheets!
pkgs.haskellPackages.temporary
Portable temporary file and directory support
pkgs.python313Packages.tempora
Objects and routines pertaining to date and time
pkgs.python314Packages.tempora
Objects and routines pertaining to date and time
pkgs.haskellPackages.temporary-rc
Portable temporary file and directory support for Windows and Unix, based on code from Cabal
pkgs.python313Packages.temporalio
Temporal Python SDK
pkgs.python314Packages.temporalio
Temporal Python SDK
pkgs.haskellPackages.temporal-media
data types for temporal media
pkgs.haskellPackages.temporary-ospath
Portable temporary file and directory support
pkgs.terraform-providers.temporalcloud
None
pkgs.postgresqlPackages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.haskellPackages.temporal-api-protos
None
-
nixos-unstable 2025.10.1.0
- nixpkgs-unstable 2025.10.1.0
- nixos-unstable-small 2025.10.1.0
-
nixos-26.05 2025.10.1.0
- nixos-26.05-small 2025.10.1.0
- nixpkgs-26.05-darwin 2025.10.1.0
pkgs.haskellPackages.temporary-resourcet
Portable temporary files and directories with automatic deletion
pkgs.postgresql14Packages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.postgresql15Packages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.postgresql16Packages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.postgresql17Packages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.postgresql18Packages.temporal_tables
Temporal Tables PostgreSQL Extension
pkgs.haskellPackages.temporal-music-notation
music notation
pkgs.haskellPackages.temporal-music-notation-demo
generates midi from score notation
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@ggPeti Peter Ferenczy <ggpeti@gmail.com>
-
@jpds Jonathan Davies
-
@levigross Levi Gross <levi@levigross.com>
-
@kashw2 Keanu Ashwell <supra4keanu@hotmail.com>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@aaronjheng Aaron Jheng <wentworth@outlook.com>
-
@breakds Break Yang <breakds@gmail.com>
-
@aduh95 Antoine du Hamel <duhamelantoine1995@gmail.com>