Security Advisory

CVE-2026-41078

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-23 18:05:41
Last updated 2026-04-23 18:52:26
Assigner GitHub_M
State PUBLISHED

Description

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under high-cardinality or attacker-influenced telemetry input, this can increase memory consumption and potentially cause denial of service. There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023.