CVE-2026-45683

Published: Giu 02, 2026 Last Modified: Giu 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0.

127

Buffer Under-read

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Memory Bypass Protection Mechanism
Applicable Platforms
Languages: Memory-Unsafe, C, C++
View CWE Details
200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Not Technology-Specific, Web Based, Mobile
Likelihood of Exploit: High
View CWE Details
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/t…
https://github.com/open-telemetry/opentelemetry-ebpf-instru…
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/a…