Back to CVE List

CVE-2026-45287

LOW SEVERITY

Vulnerability Description

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-772
Source
GitHub
Vendor
go
Product
go.opentelemetry.io/otel/schema/v1.1

External References

Discussion (0)

Add Comment

No comments yet. Be the first!