PT-2026-33598 · Unknown · Opentelemetry.Exporter.Jaeger
Kielek · Published 2026-04-18 · Updated 2026-04-23 · CVE-2026-41078
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenTelemetry.Exporter.Jaeger (affected versions not specified)
Description
This issue allows sustained memory pressure when the internal pooled-list sizing grows based on a large observed span or tag set and that enlarged size is reused for subsequent allocations. In environments where telemetry attributes or events can be influenced by untrusted input and limits are increased from defaults, high-cardinality or attacker-influenced telemetry input can increase memory consumption, potentially leading to process instability or denial of service.
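The sizing behaviour described above can be reproduced with a small model. This is an added example, not the exporter's own code: `ModelList`, `SizingHint` and the cap of 256 are hypothetical names and values. It shows how one oversized list raises a shared sizing hint so that every later list rents a large buffer, next to a variant that caps the hint.

```csharp
using System;
using System.Buffers;

// Simplified model (hypothetical names): a pooled list whose initial
// capacity comes from a shared high-water mark of earlier list sizes.
static class SizingHint
{
    public const int Default = 64;
    public const int MaxHint = 256;         // assumed cap for the bounded variant
    public static int Uncapped = Default;   // grows with the largest list seen, never shrinks
    public static int Capped = Default;     // grows only up to MaxHint
}

sealed class ModelList
{
    private readonly bool capped;
    private int[] buffer;
    private int count;

    public ModelList(bool capped)
    {
        this.capped = capped;
        buffer = ArrayPool<int>.Shared.Rent(capped ? SizingHint.Capped : SizingHint.Uncapped);
    }

    public int Capacity => buffer.Length;

    public void Add(int item)
    {
        if (count == buffer.Length)
        {
            int newSize = buffer.Length * 2;
            int[] bigger = ArrayPool<int>.Shared.Rent(newSize);
            Array.Copy(buffer, bigger, count);
            ArrayPool<int>.Shared.Return(buffer);
            buffer = bigger;
            // The enlarged size becomes the starting size of every later list.
            if (capped) SizingHint.Capped = Math.Min(newSize, SizingHint.MaxHint);
            else SizingHint.Uncapped = newSize;
        }
        buffer[count++] = item;
    }

    public void Release() => ArrayPool<int>.Shared.Return(buffer);
}

static class Program
{
    static void Main()
    {
        foreach (bool capped in new[] { false, true })
        {
            var large = new ModelList(capped);
            for (int i = 0; i < 100_000; i++) large.Add(i); // constructed input: one span with 100,000 tags
            large.Release();

            var small = new ModelList(capped);               // an ordinary span that follows
            small.Add(1);
            Console.WriteLine($"capped={capped}: next list rents {small.Capacity} slots for 1 item");
            small.Release();
        }
    }
}
```

In the uncapped run the list created after the large one starts at the enlarged size even though it holds a single item, which is the sustained memory pressure the description refers to; the capped run bounds that starting size.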
Recommendations
Use a maintained exporter, such as the OpenTelemetry Protocol (OTLP) exporter, instead of the Jaeger exporter.
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Opentelemetry.Exporter.Jaeger