CVE-2026-45682

Published: Giu 02, 2026 Last Modified: Giu 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,1
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. This issue has been patched in version 0.9.0.

401

Missing Release of Memory after Effective Lifetime

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance
Applicable Platforms
Languages: Not Language-Specific, C, C++
Likelihood of Exploit: Medium
View CWE Details
770

Allocation of Resources Without Limits or Throttling

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/t…
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/a…