By weakness (CWE)

CWE-775: related vulnerabilities

CVEs classified under CWE-775. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-45287MEDIUM 5.5

    OpenTelemetry-Go versions prior to 0.0.17 contain a resource leak that causes file descriptor exhaustion. When an application repeatedly parses OpenTelemetry schema files using the `ParseFile` function, each call opens a file but fails to close it. In a long-running service, an attacker who can trigger repeated schema parsing—such as by supplying attacker-controlled file paths—can exhaust the process's file descriptor limit, forcing a denial of service. The vulnerability requires the consuming application to expose schema parsing to external input; it is not a direct remote attack vector.