OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assum…

CVE-2026-45678 affects OpenTelemetry eBPF Instrumentation prior to version 0.9.0. The vulnerability exists in the Postgres protocol parser which incorrectly assumes BIND message payloads contain valid NUL-terminated portal names. An attacker can craft empty or unterminated payloads that cause the application to slice beyond captured buffer boundaries, resulting in a panic condition. This buffer overflow vulnerability could potentially lead to denial of service attacks against systems using the affected instrumentation. The issue has been resolved in version 0.9.0 with proper payload validation.