GHSA-962q-hwm5-52x5: OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Summary
OpenTelemetry eBPF Instrumentation has a memory leak in its `CappedConcurrentHashMap` class, which is used to track Java TLS connections. When entries are deleted from the map, the keys are not removed from an internal queue, causing the queue to grow indefinitely in systems with many short-lived connections. This can eventually cause the Java process to run out of memory.
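The leak pattern described above, as an added sketch that is not the project's code: `CappedMapSketch`, its fields, the `fixed` switch and the workload in `main` are hypothetical, and assume a capped map that records insertion order in a side queue. Removing the key from the queue on delete is shown as one possible remedy, not necessarily the fix the project shipped.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;

// Hypothetical model of a capped map that keeps insertion order in a side queue.
// Not the OpenTelemetry eBPF Instrumentation source; all names are illustrative.
public class CappedMapSketch<K, V> {
    private final ConcurrentHashMap<K, V> map = new ConcurrentHashMap<>();
    private final ConcurrentLinkedQueue<K> order = new ConcurrentLinkedQueue<>();
    private final int cap;
    private final boolean fixed;

    CappedMapSketch(int cap, boolean fixed) { this.cap = cap; this.fixed = fixed; }

    V put(K key, V value) {
        V prev = map.put(key, value);
        if (prev == null) {
            order.add(key);               // queue grows on every first insert of a key
            while (map.size() > cap) {    // eviction is driven by map size, not queue size
                K oldest = order.poll();
                if (oldest == null) break;
                map.remove(oldest);       // no-op when the polled key is already gone
            }
        }
        return prev;
    }

    V remove(K key) {
        V prev = map.remove(key);
        // Leaky variant: the key stays in `order`. With short-lived entries the map
        // never exceeds the cap, so put() never polls and the queue is never drained.
        if (fixed && prev != null) order.remove(key);  // linear scan, bounded by cap
        return prev;
    }

    int queueSize() { return order.size(); }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] {false, true}) {
            CappedMapSketch<Long, String> m = new CappedMapSketch<>(1000, fixed);
            // Constructed workload: 200,000 short-lived connections, each opened then closed.
            for (long conn = 0; conn < 200_000; conn++) {
                m.put(conn, "tls-state");
                m.remove(conn);
            }
            System.out.println((fixed ? "fixed" : "leaky") + " queue size: " + m.queueSize());
        }
    }
}
```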
Vulnerability Details
EPSS: 0.0%
May 18, 2026
Original source: https://github.com/advisories/GHSA-962q-hwm5-52x5
First tracked: May 18, 2026 at 08:00 PM