{"data":{"id":"db4b5ca6-50f8-46e3-a931-216961541dc8","title":"GHSA-995v-fvrw-c78m: opentelemetry-go's Schema ParseFile leaks file descriptors on each parse","summary":"OpenTelemetry Go's `ParseFile` function has a file descriptor leak (a reference to an open file that is never closed), where each call to parse a schema file leaves the file open in memory. In a long-running application that repeatedly parses schema files, these open files can accumulate until the process runs out of available file descriptors and crashes, causing a denial of service (unavailability).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-995v-fvrw-c78m","publishedAt":"2026-05-28T17:19:10.000Z","cveId":"CVE-2026-45287","cweIds":null,"cvssScore":null,"cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["go.opentelemetry.io/otel/schema/v1.0@<= 0.0.16 (fixed: 0.0.17)","go.opentelemetry.io/otel/schema/v1.1@<= 0.0.16 (fixed: 0.0.17)"],"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-28T17:19:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}