CVE-2025-41117

Severity: medium (Red Hat)
CVSS v3 Base Score: 6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Published: February 12, 2026
Last Modified: February 12, 2026
Vendor: Red Hat

Description

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, which allows malicious JavaScript to be injected and run in the browser. This requires malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear to be affected whatsoever.

CWE

CWE-79

Affected Products

Multicluster Global Hub
Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat Ceph Storage 7
Red Hat Ceph Storage 8
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9

References