CVE-2026-44967

Published 12/06/2026 18:16 · Modified 12/06/2026 17:16 · Author: The MITRE Corporation

Essential information

Published
12/06/2026 18:16
Modified
12/06/2026 17:16
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-789
EPSS (First)
P5.7% (score 0.00020)
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can MITM the exporter connection). This vulnerability is fixed in opentelemetry-cpp release 1.27.0.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product
opentelemetry / opentelemetry-cpp
CPE
cpe:2.3:a:opentelemetry:opentelemetry-cpp:<1.27.0:*:*:*:*:*:*:*

References