Memory Exhaustion Vulnerability in OpenTelemetry-cpp by OpenTelemetry
CVE-2026-44967
5.3MEDIUM
What is CVE-2026-44967?
OpenTelemetry-cpp, the C++ implementation of OpenTelemetry, was found to have a vulnerability that allows OTLP HTTP exporters (traces, metrics, logs) to read the complete HTTP response into an in-memory vector without a restriction on size. This issue can lead to memory exhaustion, particularly when the collector endpoint is controlled by an attacker or when a man-in-the-middle (MITM) attack occurs. The vulnerability is remedied in version 1.27.0 of OpenTelemetry-cpp.
Affected Version(s)
opentelemetry-cpp < 1.27.0
