CVE-2026-40894
Undergoing Analysis
Undergoing Analysis - In Progress
BaseFortify
Publication date: 2026-04-23
Last updated on: 2026-04-28
Assigner: GitHub, Inc.
Description
Description
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opentelemetry | opentelemetry.extensions.propagators | From 1.3.0 (exc) to 1.15.3 (exc) |
| opentelemetry | opentelemetry.api | From 0.5.0 (inc) to 1.15.3 (exc) |
| opentelemetry | opentelemetry | From 0.5.0 (inc) to 1.15.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70