CVE-2026-45681

Published: Giu 02, 2026 Last Modified: Giu 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0.

125

Out-of-bounds Read

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Availability Other
Potential Impacts:
Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context
Applicable Platforms
Languages: Memory-Unsafe, C, C++
Technologies: ICS/OT
View CWE Details
130

Improper Handling of Length Parameter Inconsistency

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity
Potential Impacts:
Read Memory Modify Memory Varies By Context
Applicable Platforms
Languages: C, C++, Not Language-Specific
View CWE Details
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/t…
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/a…