CyberSec.Space Logo
返回 CVE 浏览器

CVE-2026-44967

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile25.06th
Published2026年6月12日
Last Modified2026年6月12日

Vulnerability Description

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can MITM the exporter connection). This vulnerability is fixed in opentelemetry-cpp release 1.27.0.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
🔗 https://github.com/open-telemetry/opentelemetry-cpp/pull/4078
🔗 https://github.com/open-telemetry/opentelemetry-cpp/security/advisories/GHSA-5qhm-4rfp-qqvj
🔗 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58
🔗 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58

相关漏洞威胁

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...