CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

🗓️ 23 Apr 2026 18:03:28Reported by GitHub_MType

Excessive memory allocation when parsing propagation headers in OpenTelemetry dotnet could cause DoS.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-40894	23 Apr 202618:03	–	attackerkb
Chainguard	CVE-2026-40894 vulnerabilities	28 Apr 202613:17	–	cgr
Circl	CVE-2026-40894	25 Apr 202603:10	–	circl
CNNVD	OpenTelemetry .NET 安全漏洞	23 Apr 202600:00	–	cnnvd
CVE	CVE-2026-40894	23 Apr 202618:03	–	cve
EUVD	EUVD-2026-25269	23 Apr 202621:43	–	euvd
Github Security Blog	OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers	23 Apr 202621:43	–	github
NVD	CVE-2026-40894	23 Apr 202619:17	–	nvd
OSV	CGA-FFR3-2HWJ-QVRG	28 Apr 202610:30	–	osv
OSV	GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers	23 Apr 202621:43	–	osv

[
  {
    "vendor": "open-telemetry",
    "product": "opentelemetry-dotnet",
    "versions": [
      {
        "version": ">= 0.5.0-beta.2, < 1.15.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "open-telemetry",
    "product": "OpenTelemetry.Api",
    "versions": [
      {
        "version": ">= 0.5.0-beta.2, < 1.15.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "open-telemetry",
    "product": "OpenTelemetry.Extensions.Propagators",
    "versions": [
      {
        "version": ">= 1.3.1, < 1.15.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/open-telemetry/opentelemetry-dotnet/pull/533
github	www.github.com/open-telemetry/opentelemetry-dotnet/pull/7061
github	www.github.com/open-telemetry/opentelemetry-dotnet/pull/3309
github	www.github.com/open-telemetry/opentelemetry-dotnet/pull/1048
github	www.github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-g94r-2vxg-569j
github	www.github.com/open-telemetry/opentelemetry-dotnet/pull/3244

23 Apr 2026 18:03Current

CVSS 3.15.3

EPSS0.00458

CWE-789