PT-2026-3508 · Unknown · Swift-W3C-Trace-Context+1

Czechboy0 · Published 2026-01-19 · Updated 2026-01-21 · CVE-2026-23886

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Swift W3C TraceContext versions prior to 1.0.0-beta.5
Swift OTel versions prior to 1.0.4

Description

A flaw exists in Swift W3C TraceContext and Swift OTel due to insufficient input validation. This can lead to a denial-of-service condition, potentially crashing the service when processing malformed HTTP headers. The issue arises from data received over the network, such as when used with an HTTP server. A workaround involves disabling either Swift OTel or the code responsible for extracting trace information from incoming headers.

Recommendations

Update Swift W3C TraceContext to version 1.0.0-beta.5 or later.
Update Swift OTel to version 1.0.4 or later.
As a temporary workaround, disable Swift OTel.
As a temporary workaround, disable the code that extracts trace information from incoming headers.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-23886
GHSA-MVPQ-2V8X-WW6G

Affected Products

Swift OTel
Swift-W3C-Trace-Context