What is CVE-2026-45679?

CVE-2026-45679 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Improper Output Neutralization for Logs. CVSS score: 6.5/10. Published 2026-06-02.

How severe is CVE-2026-45679?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Information disclosure in Open-telemetry Opentelemetry-ebpf-instrumentation

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-con…

EPSS: 0.000 (8.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Open-telemetry Opentelemetry-ebpf-instrumentation — versions < 0.9.0
Opentelemetry Ebpf_instrumentation

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-45679?: CVE-2026-45679 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Improper Output Neutralization for Logs. CVSS score: 6.5/10. Published 2026-06-02.
How severe is CVE-2026-45679?: Medium severity. CVSS v3 base score is 6.5 out of 10.