VYPR
High severity7.5GHSA Advisory· Published Jun 2, 2026· Updated Jun 3, 2026

CVE-2026-45678

CVE-2026-45678

Description

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. This issue has been patched in version 0.9.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
go.opentelemetry.io/obiGo
< 0.9.00.9.0

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

1
CVE-2026-45678 · High · VYPR