eBPF Instrumentation Vulnerability in OpenTelemetry by OpenTelemetry
CVE-2026-45676

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 2 June 2026

What is CVE-2026-45676?

OpenTelemetry eBPF Instrumentation has a flaw in its ELF parsing: it trusts section offsets and string offsets read from executable files without validating them. A specially crafted local ELF file can cause the instrumentation to dereference corrupted section pointers or improperly access string table sections. As a result, the instrumentation agent can shut down unexpectedly while it attempts to determine the process language. The issue is resolved in version 0.9.0.
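The kind of validation this description calls for, as an added example in Go; it is not code from OpenTelemetry eBPF Instrumentation or from its 0.9.0 fix. `SectionName`, `inBounds` and `SampleELF` are hypothetical names, the input is a constructed little-endian ELF64 image, and every offset taken from the file is checked against the file length before use.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

var le, errBadELF = binary.LittleEndian, fmt.Errorf("malformed ELF: offset outside file")

// inBounds reports whether [off, off+size) fits in n bytes, without overflow.
func inBounds(off, size, n uint64) bool { return off <= n && size <= n-off }

// SectionName (hypothetical, not the project's code) resolves section idx's name
// in a little-endian ELF64 image, validating each file-supplied offset first.
func SectionName(data []byte, idx uint16) (string, error) {
	n := uint64(len(data))
	if n < 64 || !bytes.HasPrefix(data, []byte("\x7fELF")) {
		return "", errBadELF
	}
	shoff, shentsize := le.Uint64(data[0x28:]), uint64(le.Uint16(data[0x3A:]))
	shnum, shstrndx := le.Uint16(data[0x3C:]), le.Uint16(data[0x3E:])
	// Both indexes must exist and the whole header table must lie in the file.
	if shentsize < 64 || idx >= shnum || shstrndx >= shnum ||
		!inBounds(shoff, shentsize*uint64(shnum), n) {
		return "", errBadELF
	}
	hdr := func(i uint16) []byte { return data[shoff+uint64(i)*shentsize:] }
	strOff, strSize := le.Uint64(hdr(shstrndx)[24:]), le.Uint64(hdr(shstrndx)[32:])
	// The string table must lie in the file, sh_name must index into it,
	// and the name must be NUL-terminated inside the table.
	if name := uint64(le.Uint32(hdr(idx))); inBounds(strOff, strSize, n) && name < strSize {
		if end := bytes.IndexByte(data[strOff+name:strOff+strSize], 0); end >= 0 {
			return string(data[strOff+name:][:end]), nil
		}
	}
	return "", errBadELF
}

// SampleELF builds a constructed two-section image with the given strtab sh_offset.
func SampleELF(strOff uint64) []byte {
	b := make([]byte, 192)
	copy(b, "\x7fELF")
	b[0x28], b[0x3A], b[0x3C], b[0x3E] = 64, 64, 2, 1 // e_shoff, e_shentsize, e_shnum, e_shstrndx
	b[128], b[128+32] = 1, 11                         // section 1: sh_name, sh_size
	le.PutUint64(b[128+24:], strOff)                  // section 1: sh_offset
	return append(b, "\x00.shstrtab\x00"...)
}

func main() { fmt.Println(SectionName(SampleELF(192), 1)) }
```

A malformed image yields an error the caller can log and skip, so language detection for one process does not take the agent down.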

Affected Version(s)

opentelemetry-ebpf-instrumentation < 0.9.0

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
