CVE-2026-21729 PUBLISHED

Loki detected_fields query limits results in unbounded memory allocation

Assigner: GRAFANA
Reserved: 05.01.2026 Published: 16.07.2026 Updated: 16.07.2026

Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Product Status

Vendor Grafana
Product Loki
Versions Default: unaffected
  • affected from v3.0.0 to v3.7.0 (excl.)

References