VYPR

Opentelemetry

by Opentelemetry

CVEs (9)

  • CVE-2026-29181 | High | Apr 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify CPU and allocations by sending many…

  • CVE-2026-39883 | High | Apr 8, 2026
    risk 0.39 | cvss 7.0 | epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris…

  • CVE-2026-47701 | High | Jun 10, 2026
    risk 0.38 | cvss (not listed) | epss 0.00

    Affected: repository github.com/open-telemetry/opentelemetry-operator; component cmd/otel-allocator (TargetAllocator); companion Prometheus Operator API types (CRDs). Summary: OpenTelemetry Operator's TargetAllocator watches `ServiceMonitor` resources via the Prometheus…

  • CVE-2026-41078 | Medium | Apr 23, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent…

  • CVE-2026-44967 | Medium | Jun 12, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured…

  • CVE-2026-40894 | Medium | Apr 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, the implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and…

  • CVE-2026-40891 | Medium | Apr 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a…

  • CVE-2026-40182 | Medium | Apr 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if the request results in an unsuccessful request (i.e. HTTP 4xx or 5xx), the…

  • CVE-2026-39882 | Medium | Apr 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector…