CVE-2026-45681
5.9 MEDIUM
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard
Published: 2026-06-02 · Last updated: 2026-06-03
Severity and scoring
- CVSS: 5.9 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-125, CWE-130
Affected products
| Vendor | Product |
|---|---|
| opentelemetry | ebpf_instrumentation |
Description
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0.
Source: NVD
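The size/capacity mismatch described above, as an added C sketch that is not the project's code: the struct, function names and CPU arguments are hypothetical, only the 256-byte and 8KB figures come from the description, and clamping is shown as one possible mitigation, not necessarily the change made in 0.9.0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRIMARY_CAP  8192u  /* description: payload size can be up to 8KB */
#define FALLBACK_CAP 256u   /* description: backup buffer is 256 bytes */

/* Hypothetical descriptor; field names are assumptions for this sketch. */
struct msg_ref {
    const uint8_t *data;
    size_t size;  /* bytes the consumer will read from data */
    size_t cap;   /* real capacity of the storage behind data */
};
static uint8_t primary_buf[PRIMARY_CAP];
static uint8_t fallback_buf[FALLBACK_CAP];

/* Flawed pattern: on CPU mismatch, switch to the small buffer but keep the size. */
struct msg_ref pick_unclamped(int owner_cpu, int cur_cpu, size_t payload) {
    struct msg_ref m = { primary_buf, payload, PRIMARY_CAP };
    if (owner_cpu != cur_cpu) {
        m.data = fallback_buf;
        m.cap = FALLBACK_CAP;  /* m.size still describes the original payload */
    }
    return m;
}

/* Hardened pattern: the size never exceeds the buffer actually selected. */
struct msg_ref pick_clamped(int owner_cpu, int cur_cpu, size_t payload) {
    struct msg_ref m = pick_unclamped(owner_cpu, cur_cpu, payload);
    if (m.size > m.cap) m.size = m.cap;
    return m;
}

/* Bytes a consumer trusting m.size would read past the end of the buffer. */
size_t overread_bytes(struct msg_ref m) {
    return m.size > m.cap ? m.size - m.cap : 0;
}

/* Defensive consumer: rejects any descriptor whose size exceeds its capacity. */
int export_payload(struct msg_ref m, uint8_t *out, size_t out_cap) {
    if (m.size > m.cap || m.size > out_cap) return -1;
    memcpy(out, m.data, m.size);
    return (int)m.size;
}

int main(void) {
    struct msg_ref bad = pick_unclamped(0, 1, PRIMARY_CAP), ok = pick_clamped(0, 1, PRIMARY_CAP);
    printf("unclamped over-read: %zu, clamped: %zu\n", overread_bytes(bad), overread_bytes(ok));
    return 0;
}
```

The consumer-side check in `export_payload` is a second layer: it holds even if a producer path forgets to clamp.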
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45681
- Other: https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0
- Vendor advisory: https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-r6c9-g6q5-qrf9
Related CVEs
Same vendor
- CVE-2026-45686 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
- CVE-2026-45685 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (7.5 HIGH)
- CVE-2026-45684 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (4.9 MEDIUM)
- CVE-2026-45683 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (3.8 LOW)
- CVE-2026-45682 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (5.1 MEDIUM)
Same CWE
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-45624 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
- CVE-2026-45359 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-45358 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.3 MEDIUM)
- CVE-2026-42326 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)