{"data":{"id":"117072f8-57ae-4c3a-82f7-07ff2d8635d9","title":"GHSA-38h3-2333-qx47: OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path","summary":"OpenTelemetry.Exporter.Jaeger has a memory exhaustion vulnerability where internal pooled lists (reusable memory structures) can grow too large based on big payloads and stay oversized for future use, potentially causing denial of service (making a system unavailable). However, the developers have no plans to fix this because the Jaeger exporter was deprecated in 2023.","solution":"Prefer maintained exporters (for example OpenTelemetry Protocol format (OTLP)) instead of the Jaeger exporter.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-38h3-2333-qx47","publishedAt":"2026-04-18T01:05:12.000Z","cveId":"CVE-2026-41078","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["OpenTelemetry.Exporter.Jaeger@<= 1.6.0-rc.1"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-18T01:05:12.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}