CVE-2026-45287 in opentelemetry-goinfo

Zusammenfassung

von MITRE • 04.06.2026

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

11.05.2026

Veröffentlichung

04.06.2026

Moderieren

akzeptiert

Eintrag

VDB-368379

CPE

bereit

CWE

CWE-772 (bestätigt)

CVSS

4.0 (VulDB)

EPSS

0.00000

KEV

nein

Aktivitäten

low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45287
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45287
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45287/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!