CVE-2026-42191— OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42191
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk was set but OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH was not configured. The exporter stored and loaded *.blob files under fixed, signal-named subdirectories (traces, metrics, logs) beneath that shared temporary root path. On multi-user systems where the temporary directory is accessible to other local accounts, this allows an attacker to write crafted *.blob files, read *.blob files written by the application between export failures, or deposit numerous or oversized blob files, degrading retry-loop performance or consuming disk space. This vulnerability is fixed in 1.15.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在具有不安全权限的目录中创建临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenTelemetry .NET Contrib 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenTelemetry .NET Contrib是OpenTelemetry - CNCF开源的一个开源遥测数据收集与处理工具库。 OpenTelemetry .NET Contrib 1.8.0版本至1.15.2版本存在安全漏洞,该漏洞源于OTLP磁盘重试功能回退到临时路径,可能导致攻击者读写blob文件或消耗磁盘空间。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| open-telemetry | opentelemetry-dotnet | >= 1.8.0, < 1.15.3 | - |
II. Public POCs for CVE-2026-42191
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42191
请登录查看更多情报信息。
- https://github.com/open-telemetry/opentelemetry-dotnet/pull/7106x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-42191
IV. Related Vulnerabilities
Same product: opentelemetry-dotnet
- CVE-2026-41310
OpenTelemetry .NET Zipkin exporter has unbounded remote endp - CVE-2026-41078
OpenTelemetry dotnet: Potential memory exhaustion via unboun - CVE-2026-40894
OpenTelemetry dotnet: Excessive memory allocation when parsi - CVE-2026-40891
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` pa - CVE-2026-40182
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP res
Same vendor: open-telemetry
- CVE-2026-42602
azureauthextension Authenticate method does not validate bea - CVE-2026-42348
OpAMP client reads unbounded HTTP response bodies - CVE-2026-41484
OpenTelemetry.Exporter.OneCollector vulnerable to denial of - CVE-2026-41483
Unbounded HTTP response body read in OpenTelemetry.Resources - CVE-2026-41310
OpenTelemetry .NET Zipkin exporter has unbounded remote endp
V. Comments for CVE-2026-42191
No comments yet