GHSA-w2jh-77fq-7gp8: OpAMP client reads unbounded HTTP response bodies
Summary
The OpAMP client (a component for managing telemetry agents) reads HTTP responses without limiting how much data it accepts. An attacker who controls the server can send extremely large responses and exhaust the application's memory, causing it to crash. This vulnerability only affects applications where the OpAMP server is untrusted or where the connection to it could be intercepted by a network attacker.
Solution / Mitigation
Update to the patched version: pull request #4116 updates the OpAMP client HTTP transport to limit the maximum size of responses to 128KB, preventing unbounded memory consumption.
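The bounded read described above, as an added example that is not the OpAMP client's code or the contents of pull request #4116. The function and class names are hypothetical, the stream is a constructed stand-in for an HTTP response body, and only the 128 KB limit comes from the advisory.

```python
import io

MAX_RESPONSE_BYTES = 128 * 1024  # limit stated in the advisory


class ResponseTooLarge(Exception):
    """Raised when a response body exceeds the configured limit."""


def read_bounded(stream, content_length=None, limit=MAX_RESPONSE_BYTES,
                 chunk=16 * 1024):
    """Read a response body, never buffering more than limit + 1 bytes.

    stream is any object with read(n); content_length is the declared
    Content-Length header value, or None when absent (chunked encoding).
    """
    # Cheap early rejection: the server declared an oversized body.
    if content_length is not None and content_length > limit:
        raise ResponseTooLarge(f"declared {content_length} bytes > {limit}")

    buf = bytearray()
    while True:
        # The header can be missing or false, so the read itself is capped.
        # Ask for one byte past the limit to tell "exactly limit" from "more".
        want = min(chunk, limit + 1 - len(buf))
        data = stream.read(want)
        if not data:
            break
        buf += data
        if len(buf) > limit:
            raise ResponseTooLarge(f"body exceeded {limit} bytes")
    return bytes(buf)


class EndlessBody:
    """Constructed stand-in for a hostile server: the body never reaches EOF."""

    def __init__(self):
        self.served = 0

    def read(self, n):
        self.served += n
        return b"\x00" * n


if __name__ == "__main__":
    print(len(read_bounded(io.BytesIO(b"x" * 1000))))
    try:
        read_bounded(EndlessBody())
    except ResponseTooLarge as exc:
        print("rejected:", exc)
```

An unbounded `stream.read()` on the same endless body would keep allocating until the process is killed; the bounded reader stops after consuming one byte past the limit.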
Vulnerability Details
EPSS: 0.0%
Yes
May 5, 2026
Original source: https://github.com/advisories/GHSA-w2jh-77fq-7gp8
First tracked: May 5, 2026 at 08:00 PM