VYPR
Medium severity 5.9 · GHSA Advisory · Published Jun 2, 2026 · Updated Jun 3, 2026

CVE-2026-45681

Description

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0.
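The size mismatch described above, as an added user-space model in C; it is not OBI's code. The struct, function names and marker bytes are hypothetical, and clamping the recorded size is an assumed mitigation shown for contrast, not a description of the 0.9.0 patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD   8192 /* payload size limit named in the advisory (8KB) */
#define FALLBACK_SIZE 256  /* backup buffer size named in the advisory */

/* Hypothetical layout: the backup buffer followed by unrelated memory. */
struct fallback_slot {
    uint8_t buf[FALLBACK_SIZE];
    uint8_t adjacent[MAX_PAYLOAD]; /* stands in for whatever lies next to it */
};

/* Returns the size recorded for the reader; clamp == 0 keeps the original. */
static size_t store(struct fallback_slot *s, const uint8_t *p, size_t n, int clamp)
{
    size_t fit = n < FALLBACK_SIZE ? n : FALLBACK_SIZE;
    memcpy(s->buf, p, fit);
    return clamp ? fit : n;
}

/* Reader side: trusts the recorded size when filling the telemetry record. */
static void emit(const struct fallback_slot *s, size_t size, uint8_t *out)
{
    memcpy(out, (const uint8_t *)s, size); /* stays inside the model struct */
}

/* Count bytes of adjacent memory that reach telemetry for one payload. */
size_t leaked_bytes(size_t payload_len, int clamp)
{
    static struct fallback_slot slot;
    static uint8_t payload[MAX_PAYLOAD], out[MAX_PAYLOAD];
    size_t size, i, leaked = 0;
    if (payload_len > MAX_PAYLOAD) payload_len = MAX_PAYLOAD;
    memset(payload, 'P', sizeof payload);             /* constructed payload */
    memset(slot.adjacent, 'S', sizeof slot.adjacent); /* constructed marker */
    size = store(&slot, payload, payload_len, clamp);
    emit(&slot, size, out);
    for (i = 0; i < size; i++)
        leaked += (out[i] == 'S');
    return leaked;
}

int main(void)
{
    printf("size preserved: %zu bytes leaked\n", leaked_bytes(MAX_PAYLOAD, 0));
    printf("size clamped:   %zu bytes leaked\n", leaked_bytes(MAX_PAYLOAD, 1));
    return 0;
}
```

Payloads that fit in 256 bytes leak nothing in either mode; the over-read only appears once the recorded size exceeds the backup buffer.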

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: go.opentelemetry.io/obi (Go)
Affected versions: < 0.9.0
Patched versions: 0.9.0
