CVE-2026-45680
High CPU Usage in OpenTelemetry eBPF Instrumentation
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_telemetry | opentelemetry_ebpf_instrumentation | to 0.9.0 (exc) |
| open_telemetry | opentelemetry_ebpf_instrumentation | From 0.0.0-rc.1+build (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-834 | The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-45680 vulnerability affects the OpenTelemetry eBPF Instrumentation (OBI) component. Specifically, in versions prior to 0.9.0, the system replays BPF probe hits into histogram observations by looping once per recorded run count without limiting this count. On busy systems, this run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop during each metrics collection interval.
This unbounded replay of internal metrics leads to uncontrolled resource consumption, where CPU usage grows proportionally to the number of probe hits rather than the number of metric series. The issue occurs in the code responsible for exporting metrics, particularly in the file `pkg/export/prom/prom_bpf.go`.
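The replay pattern described above, as an added illustration that is not the project's code: a constructed stand-in histogram receives one probe's run-count delta either by looping once per hit (cost grows with probe activity) or by folding the whole delta into its bucket in one step (cost grows with the number of series). The histogram type, bucket bounds and the sample delta are assumptions for this example; the page does not state how the 0.9.0 fix is implemented.

```go
package main

import "fmt"

// Constructed stand-in for a Prometheus-style histogram: a count per bucket.
type histogram struct {
	bounds []float64 // upper bounds, ascending
	counts []uint64  // len(bounds)+1 entries; the last one is +Inf
}

func newHistogram(bounds []float64) *histogram {
	return &histogram{bounds: bounds, counts: make([]uint64, len(bounds)+1)}
}

// bucket returns the index of the first bucket whose upper bound holds v.
func (h *histogram) bucket(v float64) int {
	for i, b := range h.bounds {
		if v <= b {
			return i
		}
	}
	return len(h.bounds)
}

// observeEach replays a run-count delta as one observation per probe hit.
// Work done per collection interval is proportional to the delta, so a busy
// probe with a large delta keeps the exporter in this loop (the pattern the
// advisory describes). Returns the number of loop iterations performed.
func observeEach(h *histogram, avgNs float64, delta uint64) uint64 {
	var iterations uint64
	for i := uint64(0); i < delta; i++ {
		h.counts[h.bucket(avgNs)]++
		iterations++
	}
	return iterations
}

// observeWeighted adds the whole delta to the matching bucket in one step:
// the same histogram state, but constant cost per series. Returns 1.
func observeWeighted(h *histogram, avgNs float64, delta uint64) uint64 {
	h.counts[h.bucket(avgNs)] += delta
	return 1
}

func main() {
	bounds := []float64{1000, 10000, 100000} // nanoseconds, assumed
	perHit, weighted := newHistogram(bounds), newHistogram(bounds)
	delta := uint64(250000) // constructed run-count delta for one interval
	fmt.Println("per-hit iterations:", observeEach(perHit, 5000, delta))
	fmt.Println("weighted iterations:", observeWeighted(weighted, 5000, delta))
	fmt.Println("same buckets:", perHit.counts[1] == weighted.counts[1])
}
```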
How can this vulnerability impact me?
This vulnerability can cause excessive CPU consumption on systems running the affected OpenTelemetry eBPF instrumentation versions. On busy systems with high probe activity, the metrics exporter can enter a tight loop consuming significant CPU resources.
As a result, this can lead to availability issues, where the privileged agent or the system itself may become less responsive or degraded due to high CPU usage. Attackers could indirectly exploit this by driving high activity through instrumented services, causing resource exhaustion.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring CPU usage patterns on systems running OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. Specifically, look for excessive CPU consumption by the metrics exporter process during metrics collection intervals.
Since the issue occurs when internal metrics export is enabled and probe activity spikes, you can detect it by observing unusually high CPU usage correlated with probe hit activity.
Commands to help detect this condition include:
- Use `top` or `htop` to monitor CPU usage of the OpenTelemetry eBPF instrumentation process.
- Use `pidstat` or `perf` to profile CPU usage and identify whether the metrics exporter is consuming excessive CPU.
- Check logs or metrics from the OpenTelemetry agent for spikes in probe hits or internal metrics export activity.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the OpenTelemetry eBPF Instrumentation component to version 0.9.0 or later, where this issue has been patched.
If upgrading is not immediately possible, consider disabling internal metrics export or reducing probe activity to limit the run-count delta and thus reduce CPU consumption.
Monitoring and limiting the load on instrumented services can also help prevent triggering the excessive CPU usage condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.