opentelemetry
OSS Librariesoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting opentelemetry.
- CVE-2026-44967opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response5.3
- CVE-2026-45287OpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parse5.5
- CVE-2026-41178OpenTelemetry-Go's baggage parsing no longer caps raw header length5.3
- CVE-2026-45686OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI7.5
- CVE-2026-45685OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages7.5
- CVE-2026-45684OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers4.9
- CVE-2026-45683OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure3.8
- CVE-2026-45681OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size5.9
- CVE-2026-45680OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU5.9
- CVE-2026-45679OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages6.5
- CVE-2026-45678OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads7.5
- CVE-2026-45676OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent5.5
- CVE-2026-45682OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals5.1
- CVE-2026-44902opentelemetry-js: Prometheus exporter process crash via malformed HTTP request7.5
- CVE-2026-42602azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay8.1