CVE-2026-45680
Status: Analyzed - Analysis Complete
High CPU Usage in OpenTelemetry eBPF Instrumentation

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-03
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Affected Vendors & Products (1 associated CPE)
Vendor          Product                 Version / Range
opentelemetry   ebpf_instrumentation    up to 0.9.0 (excluding)
CWE ID Description
CWE-834 The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
AI Quick Actions
Executive Summary

The CVE-2026-45680 vulnerability affects the OpenTelemetry eBPF Instrumentation (OBI) component. Specifically, in versions prior to 0.9.0, the system replays BPF probe hits into histogram observations by looping once per recorded run count without limiting this count. On busy systems, this run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop during each metrics collection interval.

This unbounded replay of internal metrics leads to uncontrolled resource consumption, where CPU usage grows proportionally to the number of probe hits rather than the number of metric series. The issue occurs in the code responsible for exporting metrics, particularly in the file `pkg/export/prom/prom_bpf.go`.
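The following Go program is an added illustration of the loop shape described above, not OBI's code and not the 0.9.0 patch: a toy histogram receives the same run-time observations either once per run (work proportional to the run-count delta) or folded in as one weighted update (constant work per series). The ProbeStat fields and the use of average run time as the observed value are assumptions.

```go
package main

import "sort"

// Toy cumulative-bucket histogram standing in for the exporter's histogram
// (constructed for this example, not the Prometheus client type OBI uses).
// Bounds are ascending upper bounds; Counts has one extra entry for +Inf.
type Histogram struct {
	Bounds []float64
	Counts []uint64
	Sum    float64
	Total  uint64
}

func NewHistogram(bounds []float64) *Histogram {
	return &Histogram{Bounds: bounds, Counts: make([]uint64, len(bounds)+1)}
}

// ObserveN records the same value n times in O(1). Prometheus histograms only
// expose Observe, which is why a per-run loop is the tempting shortcut.
func (h *Histogram) ObserveN(v float64, n uint64) {
	h.Counts[sort.SearchFloat64s(h.Bounds, v)] += n // first bound >= v, or +Inf
	h.Sum += v * float64(n)
	h.Total += n
}

// ProbeStat is an assumed snapshot of a probe's cumulative run count and run time.
type ProbeStat struct{ RunCnt, RunTimeNs uint64 }

// replayPerRun mirrors the pre-0.9.0 pattern: one observation per run since the
// previous collection, so CPU work grows with the run-count delta (CWE-834).
// Both replay functions return the number of loop iterations they performed.
func replayPerRun(h *Histogram, prev, cur ProbeStat) uint64 {
	delta := cur.RunCnt - prev.RunCnt
	avg := float64(cur.RunTimeNs-prev.RunTimeNs) / float64(delta)
	for i := uint64(0); i < delta; i++ {
		h.ObserveN(avg, 1) // bucket search plus three adds, once per run
	}
	return delta
}

// replayAggregated folds the whole delta into the histogram in constant time.
func replayAggregated(h *Histogram, prev, cur ProbeStat) uint64 {
	if delta := cur.RunCnt - prev.RunCnt; delta > 0 {
		h.ObserveN(float64(cur.RunTimeNs-prev.RunTimeNs)/float64(delta), delta)
		return 1
	}
	return 0
}
```

With a constructed delta of one million runs, replayPerRun performs a million histogram updates per collection interval while replayAggregated performs one, and both leave the histogram with identical bucket counts, sum and total.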

Impact Analysis

This vulnerability can cause excessive CPU consumption on systems running the affected OpenTelemetry eBPF instrumentation versions. On busy systems with high probe activity, the metrics exporter can enter a tight loop consuming significant CPU resources.

As a result, this can lead to availability issues, where the privileged agent or the system itself may become less responsive or degraded due to high CPU usage. Attackers could indirectly exploit this by driving high activity through instrumented services, causing resource exhaustion.

Detection Guidance

This vulnerability can be detected by monitoring CPU usage patterns on systems running OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. Specifically, look for excessive CPU consumption by the metrics exporter process during metrics collection intervals.

Since the issue occurs when internal metrics export is enabled and probe activity spikes, you can detect it by observing unusually high CPU usage correlated with probe hit activity.

Commands to help detect this condition include:

  • Use top or htop to monitor CPU usage of the OpenTelemetry eBPF Instrumentation process.
  • Use pidstat or perf to profile CPU usage and identify whether the metrics exporter is consuming excessive CPU.
  • Check logs or metrics from the OpenTelemetry agent for spikes in probe hits or internal metrics export activity.

Mitigation Strategies

The immediate mitigation step is to upgrade the OpenTelemetry eBPF Instrumentation component to version 0.9.0 or later, where this issue has been patched.

If upgrading is not immediately possible, consider disabling internal metrics export or reducing probe activity to limit the run-count delta and thus reduce CPU consumption.

Monitoring and limiting the load on instrumented services can also help prevent triggering the excessive CPU usage condition.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
