CVE-2026-45683
LOWDescription
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| opentelemetry | ebpf_instrumentation |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2026-45683? +
How severe is CVE-2026-45683? +
What products are affected by CVE-2026-45683? +
How do I check if I'm vulnerable to CVE-2026-45683? +
Related Vulnerabilities
No proper validation of the length of user input in http_server_get_content_type_from_extension.
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between …
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote …
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the …