Package impact
NuGet / OpenTelemetry.Exporter.OpenTelemetryProtocol
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42191 | high | 7.8 | 7.8 | 17d ago | OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter | |||
| CVE-2026-40182 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | |||
| CVE-2026-40891 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling |