{"data":{"id":"92b63518-1e9d-4745-9eda-46ae743bc238","title":"GHSA-8rrq-wcg8-cv5q: OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages","summary":"OpenTelemetry eBPF Instrumentation (OBI) exports unfiltered error messages from Redis directly into span status messages, which are then sent to telemetry backends (systems that collect and store trace data). This means sensitive information like tokens or passwords that appear in Redis errors could be leaked into monitoring systems, and attackers could inject malicious text into these systems.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8rrq-wcg8-cv5q","publishedAt":"2026-05-18T17:56:15.000Z","cveId":"CVE-2026-45679","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":["go.opentelemetry.io/obi@< 0.9.0 (fixed: 0.9.0)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-18T17:56:15.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}