CVE-2026-45287

Published: Giu 04, 2026 Last Modified: Giu 04, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,1
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.

772

Missing Release of Resource after Effective Lifetime

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Other) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Cpu)
Applicable Platforms
Technologies: Mobile
Likelihood of Exploit: High
View CWE Details
775

Missing Release of File Descriptor or Handle after Effective Lifetime

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Other)
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/open-telemetry/opentelemetry-go/commit/e…
https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd…
https://github.com/open-telemetry/opentelemetry-go/commit/f…
https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d657…
https://github.com/open-telemetry/opentelemetry-go/security…
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995…