OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely rea…

CVE-2026-45686 affects OpenTelemetry eBPF Instrumentation versions 0.7.0 to before 0.9.0. The vulnerability is a remotely reachable integer overflow in the memcached text protocol parser that can crash the OBI process and cause denial of service. When parsing memcached storage commands (set, add, replace, append, prepend, cas), the parser accepts extremely large byte values without overflow checking. Crafted requests with bytes set to math.MaxInt or math.MaxInt-1 cause the payload length to wrap negative and trigger a runtime panic in LargeBufferReader.Peek. The issue has been patched in version 0.9.0.