By vendor

Opentelemetry vulnerabilities

Known CVEs affecting Opentelemetry products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-41178MEDIUM 5.3

    OpenTelemetry-Go versions 1.41.0 and 1.43.0 contain a denial-of-service vulnerability in their baggage header parsing logic. The removal of size validation allows attackers to send oversized or malformed baggage headers that cause the application to process arbitrarily large inputs, log excessive errors, and potentially exhaust system resources. This is a network-accessible vulnerability requiring no authentication, making it exploitable by any remote actor.