CVE-2026-41078
Undergoing Analysis
Undergoing Analysis - In Progress
BaseFortify
Publication date: 2026-04-23
Last updated on: 2026-04-28
Assigner: GitHub, Inc.
Description
Description
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under high-cardinality or attacker-influenced telemetry input, this can increase memory consumption and potentially cause denial of service. There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opentelemetry | opentelemetry | to 1.6.0 (exc) |
| opentelemetry | opentelemetry | 1.6.0 |
| opentelemetry | opentelemetry | 1.6.0 |
| opentelemetry | opentelemetry | 1.6.0 |
| opentelemetry | opentelemetry | 1.6.0 |
| opentelemetry | opentelemetry | 1.6.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70