


Perceptive Security
SOC/SIEM Consultancy

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely rea…
Published:
1 June 2026 at 22:00:00
Alert date:
2 June 2026 at 17:02:02
Source:
nvd.nist.gov
Network Infrastructure, Security Tools
CVE-2026-45686 affects OpenTelemetry eBPF Instrumentation versions 0.7.0 to before 0.9.0. A remotely reachable integer overflow vulnerability exists in the memcached text protocol parser that can crash the OBI process and cause denial of service. The vulnerability occurs when parsing memcached storage commands with extremely large byte values, causing integer overflow and runtime panic. Attackers can exploit this by sending crafted requests with byte values set to math.MaxInt or math.MaxInt-1. The issue has been patched in version 0.9.0.
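The failure mode described above, as an added Go example that is not OBI's parser code: a constructed memcached `set` parser in which adding the 2-byte `\r\n` terminator to the declared byte count wraps for `math.MaxInt-1` and `math.MaxInt`, shown next to a bounds-safe check. The function names and the placement of the `+2` are assumptions made for illustration; the page does not show the affected source.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"math"
	"strconv"
)

var errLen = errors.New("declared length does not fit in buffer")

// payload parses a constructed storage request "set <key> <flags> <exptime> <bytes>\r\n<data>\r\n"
// and returns <data>. checked=false reproduces the bug class; checked=true is the bounds-safe form.
func payload(buf []byte, checked bool) ([]byte, error) {
	line, _, ok := bytes.Cut(buf, []byte("\r\n"))
	f := bytes.Fields(line)
	if !ok || len(f) != 5 {
		return nil, errors.New("malformed storage command")
	}
	n, err := strconv.Atoi(string(f[4])) // client-supplied byte count
	start := len(line) + 2               // first byte after the command line
	room := len(buf) - start             // bytes actually received after it
	switch {
	case err != nil:
		return nil, err
	case checked && (n < 0 || n > room-2): // hardened: compare without adding to n
		return nil, errLen
	case !checked && n+2 > room: // flawed: n+2 wraps negative at MaxInt-1 and MaxInt
		return nil, errLen
	}
	return buf[start : start+n], nil // flawed path arrives here with a wrapped, negative bound
}

// crashes reports whether payload panics; unrecovered, that panic ends the whole process.
func crashes(buf []byte, checked bool) (p bool) {
	defer func() { p = recover() != nil }()
	payload(buf, checked)
	return false
}

func main() {
	for _, n := range []int{5, math.MaxInt - 1, math.MaxInt} {
		req := []byte("set k 0 0 " + strconv.Itoa(n) + "\r\nhello\r\n") // constructed input
		fmt.Println(n, "unchecked crashes:", crashes(req, false), "checked crashes:", crashes(req, true))
	}
}
```

In this sketch `math.MaxInt-2` is still rejected by the flawed guard, because `n+2` only wraps for the two values the advisory names.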
Technical details
Mitigation steps:
Affected products:
OpenTelemetry eBPF Instrumentation
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-45686
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-43g7-cwr8-q3jh
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
