By weakness (CWE)

CWE-834: related vulnerabilities

CVEs classified under CWE-834. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-45680MEDIUM 5.9

    OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 contain a performance degradation vulnerability in their metrics collection pipeline. When systems experience high activity, the instrumentation replays recorded probe hits by iterating once per run count. On busy infrastructure, this run-count delta can grow very large, forcing the metrics exporter into a computationally expensive tight loop during each collection interval. The result is excessive CPU consumption that can degrade system performance. This is a denial-of-service condition rather than a confidentiality or integrity breach, but it directly impacts availability and operational efficiency.

  • CVE-2026-48156LOW 3.3

    pypdf, a popular open-source Python library for PDF handling, contains a vulnerability that allows an attacker to craft malicious PDF files that cause the library to consume excessive processing time during parsing. The issue stems from how pypdf processes cross-reference streams—a mechanism PDFs use to index internal objects—when they contain specific structural patterns. An attacker would need to trick a user or application into opening a specially crafted PDF, but once opened, the library can hang or freeze during PDF processing, resulting in a denial-of-service condition on that system.