CVE-2026-41310

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Zipkin versions prior to 1.15.3

Description The remote endpoint cache in the Zipkin exporter accepts unbounded key growth derived from span attributes. In high-cardinality scenarios—situations where there is a large number of unique values—a process using Zipkin export for client or producer spans may experience continuous memory growth under sustained unique remote endpoint values, which increases memory usage over time and degrades availability.

Recommendations Update to version 1.15.3.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2026-41310

GHSA-88HF-WF7H-7W4M

Affected Products

Opentelemetry.Exporter.Zipkin

CVE-2026-41310

Weakness Enumeration

Related Identifiers

Affected Products

References · 11