Package impact

Go / go.opentelemetry.io/obi

CVE	Severity	CVSS	Risk	Published	Description
CVE-2026-41433	high	8.4	8.4	1mo ago	OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
CVE-2026-45686	high	—	8.0	10d ago	OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI
CVE-2026-45685	high	—	8.0	10d ago	OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
CVE-2026-45678	high	—	8.0	10d ago	OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads
CVE-2026-45684	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers
CVE-2026-45682	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
CVE-2026-45681	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size
CVE-2026-45680	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU
CVE-2026-45679	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
CVE-2026-45676	medium	—	5.5	10d ago	OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
CVE-2026-45683	low	—	2.5	10d ago	OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure