CVE-2026-48504
OpenTelemetry Rust (CVE-2026-48504) concerns BaggagePropagator::extract_with_context in opentelemetry_sdk. In 0.32.0 and earlier, it did not enforce W3C Baggage size limits before parsing an inbound baggage header, allowing an attacker-controlled header to trigger unnecessary CPU work and short-l...