CVE-2026-45681

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
02/06/2026
Last modified:
03/06/2026

Description

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:opentelemetry:ebpf_instrumentation:*:*:*:*:*:go:*:* 0.9.0 (excluding)