Vulnerability Details CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans could experience avoidable memory growth under sustained unique remote endpoint values, increasing process memory usage over time and degrading availability. This issue is fixed in version 1.15.3, which introduces a bounded, thread-safe LRU cache for remote endpoints with a fixed maximum size.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2026-41310
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.3.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.4.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.5.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.6.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.7.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:0.8.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.0.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.0.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.1.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.10.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.11.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.11.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.11.2
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.12.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.13.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.13.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.14.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.15.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.15.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.15.2
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.2.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.3.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.4.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.5.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.5.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.6.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.7.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.8.0
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.8.1
-
cpe:2.3:a:opentelemetry:opentelemetry.exporter.zipkin:1.9.0