CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry .NET Contrib prior to 1.15.0 contain security vulnerabilities. These vulnerabilities stem from the HttpJsonPostTransport class, which allows...

EUVD-2026-25269

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers...

CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

CVE-2026-40894

OpenTelemetry dotnet vulnerable versions: OpenTelemetry.Api 0.5.0-beta.2–1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1–1.15.2 contain code paths for baggage, B3 and Jaeger processing that can allocate excessive memory when parsing propagation headers, potentially leading to a DoS. The iss...

CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

CVE-2026-40182

OpenTelemetry dotnet OTLP exporter (versions 1.13.1–1.15.1) is affected. When exporting via gRPC/HTTP and the response status is 4xx/5xx, the client reads the entire HTTP response body into memory without an upper bound. This can cause memory exhaustion in the consuming application if the back-en...

PT-2026-34708

Name of the Vulnerable Software and Affected Versions OpenTelemetry dotnet versions 1.13.1 through 1.15.1 Description When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided 'grpc-status-details-bin' trailer during retry handling. A...

OpenTelemetry .NET 安全漏洞

OpenTelemetry .NET is the .NET client of OpenTelemetry developed by OpenTelemetry Inc. OpenTelemetry .NET versions 1.6.0-rc.1 and earlier have a security vulnerability. This vulnerability arises from the internal pooling list size growing due to a large number of spans/tags, which may lead to...

PT-2026-34707

Name of the Vulnerable Software and Affected Versions OpenTelemetry dotnet versions 1.13.1 through 1.15.1 Description When exporting telemetry to a back-end or collector over gRPC or HTTP using the OpenTelemetry Protocol OTLP format, unsuccessful requests HTTP 4xx or 5xx result in the response...

EUVD-2025-6151

Malicious code in bioql PyPI...

EUVD-2024-1310

Malicious code in bioql PyPI...

CVE-2024-32028

OpenTelemetry dotnet has a vulnerability in OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore where url.full and url.query values were written to spans, potentially exposing sensitive data. Affected versions prior to 1.8.1 pass the raw query string; 1.8.1 and later r...

CVE-2024-32028 Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore the url.full writes attribute/tag on spans Activity when tracing is enabled for outgoing http requests and...