cvedb.io
CVE-2026-41310
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-05-06T22:16:25.643 · Last modified 2026-06-17T10:46:29.013

Summary

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans could experience avoidable memory growth under sustained unique remote endpoint values, increasing process memory usage over time and degrading availability. This issue is fixed in version 1.15.3, which introduces a bounded, thread-safe LRU cache for remote endpoints with a fixed maximum size.

Affected products

opentelemetry — opentelemetry.exporter.zipkin

Does this affect you?

Add your gear to cvedb and we'll alert you only when opentelemetry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.