CVE-2026-45287 · EPSS p7.2%

opentelemetry / telemetry_schema_files

Description

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leak one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.
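The leak pattern described above, next to a form that closes the file, as an added example that is not the OpenTelemetry-Go source. `parse`, `parseFileLeaky`, `parseFileFixed` and `leakedAfter` are hypothetical names, and the handle is returned only so its state can be checked.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
)

// parse stands in for a schema parser that only needs an io.Reader (hypothetical).
func parse(r io.Reader) error { _, err := io.Copy(io.Discard, r); return err }

// parseFileLeaky follows the described pattern: open, parse, never close.
func parseFileLeaky(path string) (*os.File, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	return f, parse(f)
}

// parseFileFixed releases the descriptor on every return path.
func parseFileFixed(path string) (*os.File, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return f, parse(f)
}

// leakedAfter counts handles left open after n parses; Close on a closed *os.File returns os.ErrClosed.
func leakedAfter(n int, parseFile func(string) (*os.File, error)) (leaked int) {
	tmp, err := os.CreateTemp("", "schema-*.yaml")
	if err != nil {
		return -1
	}
	defer os.Remove(tmp.Name())
	tmp.WriteString("file_format: 1.1.0\n") // constructed sample input
	tmp.Close()
	for i := 0; i < n; i++ {
		if f, err := parseFile(tmp.Name()); err == nil && !errors.Is(f.Close(), os.ErrClosed) {
			leaked++ // the handle was still open when the call returned
		}
	}
	return leaked
}

func main() { fmt.Println(leakedAfter(100, parseFileLeaky), leakedAfter(100, parseFileFixed)) }
```

In a long-running service the leaky form keeps one descriptor per call until the process reaches its open-file limit, so the count of open descriptors is a useful metric to alert on.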

Scoring

CVSS: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.18% probability of exploitation · percentile 7.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-18

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-41178
CVE-2026-45683
CVE-2026-45684
CVE-2026-45685
CVE-2026-45676
CVE-2026-45686

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.