OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

Summary When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could encode an extremely large length-delimited protobuf field which was used...

EUVD-2026-25268

OpenTelemetry dotnet: Unbounded grpc-status-details-bin parsing in OTLP/gRPC retry handling...

CVE-2026-40891

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVE-2026-40891

OpenTelemetry dotnet (OpenTelemetry .NET telemetry framework) contains a vulnerability in versions 1.13.1 through before 1.15.2. During OTLP/gRPC export, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. A malformed trailer could encode a very large l...

Let’s use OpenTelemetry with Spring

Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...