4 matches found
CVE-2026-45292
The CVE-2026-45292 issue affects OpenTelemetry Java components: baggage propagation in opentelemetry-api and opentelemetry-extension-trace-propagators prior to 1.62.0. The vulnerability arises from parsing oversized baggage, causing unbounded memory allocation and high CPU usage, with baggage re-...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-application (=2.12.0), be.vlaanderen.informatievlaanderen.vsds:ldes-server-admin (>=2.10.0 <=3.4.0) +556 more potentially affected by CVE-2026-45292 via io.opentelemetry:opentelemetry-extension-trace-propagators (>=0.7.0 <=1.61.0)
io.opentelemetry:opentelemetry-extension-trace-propagators MAVEN version =0.7.0, =2.10.0, =3.6.0, =1.1.0, =2.10.0, =2.10.0, =2.10.0, =3.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.4.0 - br.com.sawcunhaos:scos-foundation-security =1.1.0 - ch.admin.bit.jeap:jeap-archrepo-dbsc...
ai.agentican:agentican-quarkus-otel (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-otel-store-jpa (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +10807 more potentially affected by CVE-2026-45292 via io.opentelemetry:opentelemetry-api (>=0.2.0 <=1.61.0)
io.opentelemetry:opentelemetry-api MAVEN version =0.2.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.21.0-alpha.2, =0.1.1, =0.1.1, =0.1.1, =0.0.1, =3.10.0.5, =1.0.0, =1.0.0, =0.3.0, =1.0.0, =1.0.0-beta, =1.0.0-beta-preview7 and more Source cves: CVE-2026-45292 Source...