What is CVE-2026-45680?

CVE-2026-45680 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Uncontrolled Resource Consumption. CVSS score: 5.9/10. Published 2026-06-02.

How severe is CVE-2026-45680?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Resource exhaustion in Open-telemetry Opentelemetry-ebpf-instrumentation

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, t…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Open-telemetry Opentelemetry-ebpf-instrumentation — versions < 0.9.0
Opentelemetry Ebpf_instrumentation

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-45680?: CVE-2026-45680 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Uncontrolled Resource Consumption. CVSS score: 5.9/10. Published 2026-06-02.
How severe is CVE-2026-45680?: Medium severity. CVSS v3 base score is 5.9 out of 10.