By weakness (CWE)
CWE-772: related vulnerabilities
CVEs classified under CWE-772. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-45287MEDIUM 5.5
OpenTelemetry-Go versions prior to 0.0.17 contain a resource leak that causes file descriptor exhaustion. When an application repeatedly parses OpenTelemetry schema files using the `ParseFile` function, each call opens a file but fails to close it. In a long-running service, an attacker who can trigger repeated schema parsing—such as by supplying attacker-controlled file paths—can exhaust the process's file descriptor limit, forcing a denial of service. The vulnerability requires the consuming application to expose schema parsing to external input; it is not a direct remote attack vector.