CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol (OTLP exporter) Vulnerability: from 1.8.0 through 1.15.2, when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk is used without OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH, the retry storage root is resolved with Path.GetTempPath(). The exporter st...

PT-2026-36819

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2 Description The OTLP disk retry feature silently falls back to Path.GetTempPath when OTEL DOTNET EXPERIMENTAL OTLP RETRY is set to disk but OTEL DOTNET EXPERIMENTAL OTL...

GHSA-Q834-8QMM-V933 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

CVE-2026-40182

OpenTelemetry dotnet OTLP exporter (versions 1.13.1–1.15.1) is affected. When exporting via gRPC/HTTP and the response status is 4xx/5xx, the client reads the entire HTTP response body into memory without an upper bound. This can cause memory exhaustion in the consuming application if the back-en...

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

...

PT-2026-3508

Name of the Vulnerable Software and Affected Versions Swift W3C TraceContext versions prior to 1.0.0-beta.5 Swift OTel versions prior to 1.0.4 Description A flaw exists in Swift W3C TraceContext and Swift OTel due to insufficient input validation. This can lead to a denial-of-service condition,...

An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.

...