CVE-2026-45680: CWE-400: Uncontrolled Resource Consumption in open-telemetry opentelemetry-ebpf-instrumentation
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.
AI Analysis
Technical Summary
OpenTelemetry eBPF Instrumentation versions before 0.9.0 replay BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can grow very large, causing excessive CPU usage in a tight loop during each metrics collection interval. This uncontrolled resource consumption (CWE-400) can degrade system availability. The issue has been patched in version 0.9.0.
Potential Impact
The vulnerability leads to high CPU consumption during metrics collection on busy systems, potentially causing performance degradation or denial of service conditions. There is no impact on confidentiality or integrity of data.
Mitigation Recommendations
Upgrade to open-telemetry opentelemetry-ebpf-instrumentation version 0.9.0 or later where this issue is patched. Patch status is confirmed by the vendor's versioning information. No other mitigations are specified.
CVE-2026-45680: CWE-400: Uncontrolled Resource Consumption in open-telemetry opentelemetry-ebpf-instrumentation
Description
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0.
CVSS v3.1
Score 5.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenTelemetry eBPF Instrumentation versions before 0.9.0 replay BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can grow very large, causing excessive CPU usage in a tight loop during each metrics collection interval. This uncontrolled resource consumption (CWE-400) can degrade system availability. The issue has been patched in version 0.9.0.
Potential Impact
The vulnerability leads to high CPU consumption during metrics collection on busy systems, potentially causing performance degradation or denial of service conditions. There is no impact on confidentiality or integrity of data.
Mitigation Recommendations
Upgrade to open-telemetry opentelemetry-ebpf-instrumentation version 0.9.0 or later where this issue is patched. Patch status is confirmed by the vendor's versioning information. No other mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T21:59:25.667Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1efb6ae29bf47b50db3b34
Added to database: 6/2/2026, 3:48:58 PM
Last enriched: 6/2/2026, 4:04:50 PM
Last updated: 6/3/2026, 5:08:09 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.