Memory Pressure Issue in OpenTelemetry.Exporter.Jaeger by OpenTelemetry
CVE-2026-41078

5.9 MEDIUM

What is CVE-2026-41078?

The OpenTelemetry.Exporter.Jaeger component of OpenTelemetry, in versions 1.6.0-rc.1 and earlier, has a memory pressure issue. The exporter's internal pooled-list sizing scales up when it observes large sets of spans or tag data, which increases memory consumption. High-cardinality or maliciously crafted telemetry input can therefore drive significant memory usage, which may in turn cause denial of service. As of 2023, no remediation is planned, because OpenTelemetry.Exporter.Jaeger has been deprecated.

Affected Version(s)

opentelemetry-dotnet <= 1.6.0-rc.1

OpenTelemetry.Exporter.Jaeger <= 1.6.0-rc.1

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
