CVE-2026-45685 in opentelemetry-ebpf-instrumentationinformação

Sumário

de MITRE • 02/06/2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

13/05/2026

Divulgação

02/06/2026

Moderação

aceite

Entrada

VDB-367973

CPE

pronto

CWE

CWE-404 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00238

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45685
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45685
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45685/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!