Cyber Resilience

CVE-2026-45686

HighPublic PoC

Published: 02 June 2026

Published
02 June 2026
Modified
03 June 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0031 22.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-45686 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Opentelemetry Ebpf Instrumentation. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 22.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When…

more

parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large <bytes> values and adds the payload delimiter length without checking for overflow. A crafted request with <bytes> set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-45680Same product: Opentelemetry Ebpf Instrumentation
CVE-2026-45685Same product: Opentelemetry Ebpf Instrumentation
CVE-2026-45678Same product: Opentelemetry Ebpf Instrumentation
CVE-2026-42602Same vendor: Opentelemetry
CVE-2026-29181Same vendor: Opentelemetry
CVE-2026-41433Same vendor: Opentelemetry
CVE-2026-41602Shared CWE-190
CVE-2026-4775Shared CWE-190
CVE-2026-21347Shared CWE-190
CVE-2026-34644Shared CWE-190

Affected Assets

opentelemetry
ebpf instrumentation
0.7.0 — 0.9.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References