QSearchQSearch

CVE-2026-45680

5.9 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard

Published: 2026-06-02 · Last updated: 2026-06-03

Severity and scoring

CVSS
5.9 MEDIUM
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-400, CWE-834

Affected products

VendorProduct
opentelemetryebpf_instrumentation

Description

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-45686 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
  • CVE-2026-45685 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
  • CVE-2026-45684 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (4.9 MEDIUM)
  • CVE-2026-45683 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (3.8 LOW)
  • CVE-2026-45682 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (5.1 MEDIUM)

Same CWE

  • CVE-2026-47734 Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
  • CVE-2026-46689 Kanidm is an identity management platform
  • CVE-2026-46679 libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
  • CVE-2026-46522 ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
  • CVE-2026-45783 libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)