cvedb.io
CVE-2026-45682
MEDIUM · CVSS 5.1
EPSS exploitation probability: 0%
Published 2026-06-02T16:16:42.897 · Last modified 2026-06-17T10:52:28.047

Summary

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. This issue has been patched in version 0.9.0.

Affected products

opentelemetry — ebpf_instrumentation

Does this affect you?

Add your gear to cvedb and we'll alert you only when opentelemetry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.