VYPR
Medium severity5.3GHSA Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-41310

CVE-2026-41310

Description

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans could experience avoidable memory growth under sustained unique remote endpoint values, increasing process memory usage over time and degrading availability. This issue is fixed in version 1.15.3, which introduces a bounded, thread-safe LRU cache for remote endpoints with a fixed maximum size.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
OpenTelemetry.Exporter.ZipkinNuGet
< 1.15.31.15.3

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.