Vulnerability in Datadog .NET Tracer Affects Baggage Propagation
CVE-2026-50273
7.5HIGH
What is CVE-2026-50273?
The vulnerability in Datadog .NET Tracer allows remote unauthenticated attackers to exploit unbounded parsing of incoming baggage HTTP headers. Before version 3.43.0, the library did not enforce limits on the maximum items or bytes for the baggage values, leading to potential CPU and memory overload where baggage propagation is enabled. This issue, now resolved in version 3.43.0, underscores the importance of input validation in preventing resource exhaustion attacks.
Affected Version(s)
dd-trace-dotnet < 3.43.0
