PT-2026-36819 · Unknown · Opentelemetry.Exporter.Opentelemetryprotocol

Codywilliamson · Published 2026-04-30 · Updated 2026-05-26 · CVE-2026-42191
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Exporter.OpenTelemetryProtocol versions 1.8.0 through 1.15.2

Description: The OTLP disk retry feature silently falls back to Path.GetTempPath() when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY is set to disk but OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH is not configured. The exporter stores and loads *.blob files under fixed subdirectories (traces, metrics, logs) within that shared temporary root. On multi-user systems where the temporary directory is accessible to other local accounts, this lets an attacker write crafted *.blob files, which the OtlpExporterPersistentStorageTransmissionHandler() function then forwards to the OTLP endpoint under the application's identity. An attacker can also read *.blob files to recover encoded telemetry payloads, or deposit many oversized files to consume disk space and degrade retry-loop performance.

Recommendations: Update to version 1.15.3. Configure a dedicated directory with strict ACL/ownership and least privilege for OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH so that it is not shared across users. Avoid enabling disk retry in shared environments.
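The fallback described above, and the directory check the recommendations call for, as an added Python example; this is not code from the advisory or from the OpenTelemetry project. The two environment-variable names and the "disk" value are the ones the advisory cites; the audit helper, the injected mode_of probe and the sample paths are constructed for illustration.

```python
import os
import stat

# Environment variables named in the advisory.
RETRY_VAR = "OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY"
DIR_VAR = "OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH"
# Fixed per-signal subdirectories the advisory says the exporter uses.
SIGNAL_SUBDIRS = ("traces", "metrics", "logs")


def effective_retry_dir(env, temp_path):
    """Mirror the advisory's fallback: retry mode 'disk' with no directory
    configured resolves to temp_path. None means disk retry is off."""
    if env.get(RETRY_VAR, "").strip().lower() != "disk":
        return None
    return env.get(DIR_VAR, "").strip() or temp_path


def audit_disk_retry(env, temp_path, mode_of):
    """Return findings for a deployment's disk-retry configuration.
    mode_of(path) gives the POSIX st_mode of path or None if absent; it is
    injected so the audit runs against real stat() or constructed data."""
    findings = []
    root = effective_retry_dir(env, temp_path)
    if root is None:
        return findings  # in-memory retry: nothing written to disk
    if not env.get(DIR_VAR, "").strip():
        findings.append(f"{DIR_VAR} unset: retry blobs fall back to "
                        f"shared temp path {temp_path}")
    for path in (root, *(os.path.join(root, s) for s in SIGNAL_SUBDIRS)):
        mode = mode_of(path)
        if mode is None:
            continue  # not created yet; nothing to inspect
        # Any group/other bit lets another local account read or plant blobs.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path} is group/world accessible "
                            f"(mode {oct(stat.S_IMODE(mode))})")
    return findings


def stat_mode(path):
    """Filesystem probe for a live host (POSIX permission semantics)."""
    try:
        return os.stat(path).st_mode
    except FileNotFoundError:
        return None
```

On a live host, call audit_disk_retry(dict(os.environ), tempfile.gettempdir(), stat_mode); an empty list means disk retry is either off or pinned to a dedicated, owner-only directory.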

Related Identifiers

CVE-2026-42191
GHSA-4625-4J76-FWW9

Affected Products

Opentelemetry.Exporter.Opentelemetryprotocol