{"data":{"id":"335cf1aa-e006-47b4-a9e1-786a26f4b516","title":"GHSA-962q-hwm5-52x5: OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals","summary":"OpenTelemetry eBPF Instrumentation has a memory leak in its `CappedConcurrentHashMap` class, which is used to track Java TLS connections. When entries are deleted from the map, the keys are not removed from an internal queue, causing the queue to grow indefinitely in systems with many short-lived connections. This can eventually cause the Java process to run out of memory.","solution":"No mitigation is discussed in the source advisory. This record lists go.opentelemetry.io/obi 0.9.0 as the fixed version, so upgrade to 0.9.0 or later.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-962q-hwm5-52x5","publishedAt":"2026-05-18T20:17:33.000Z","cveId":"CVE-2026-45682","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["go.opentelemetry.io/obi@< 0.9.0 (fixed: 0.9.0)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-18T20:17:33.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}