What is CVE-2026-45684?

CVE-2026-45684 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Buffer Over-read. CVSS score: 4.9/10. Published 2026-06-02.

How severe is CVE-2026-45684?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Buffer overflow in Open-telemetry Opentelemetry-ebpf-instrumentation

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using…

EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Open-telemetry Opentelemetry-ebpf-instrumentation — versions >= 0.7.0, < 0.9.0
Opentelemetry Ebpf_instrumentation

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-45684?: CVE-2026-45684 is a medium-severity vulnerability in Open-telemetry Opentelemetry-ebpf-instrumentation, classified under Buffer Over-read. CVSS score: 4.9/10. Published 2026-06-02.
How severe is CVE-2026-45684?: Medium severity. CVSS v3 base score is 4.9 out of 10.