Description

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.

INFO

Published Date :

2026-04-23T18:03:28.211Z

Last Modified :

2026-04-23T19:22:47.268Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40894 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40894.

URL Resource
https://github.com/open-telemetry/opentelemetry-dotnet/pull/1048 cve-icon cve-icon
https://github.com/open-telemetry/opentelemetry-dotnet/pull/3244 cve-icon cve-icon
https://github.com/open-telemetry/opentelemetry-dotnet/pull/3309 cve-icon cve-icon
https://github.com/open-telemetry/opentelemetry-dotnet/pull/533 cve-icon cve-icon
https://github.com/open-telemetry/opentelemetry-dotnet/pull/7061 cve-icon cve-icon
https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-g94r-2vxg-569j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact