Ghostwire

CVE-2026-42191: OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

MEDIUM CVSS 6.5 Exploit Available

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-4625-4j7
github.com/open-telemetry/opentelemetry-dotnet/pull/7106
github.com/open-telemetry/opentelemetry-dotnet/commit/78dffdc5ebdf3dc090fdb94e3f
github.com/advisories/GHSA-4625-4j76-fww9
www.tenable.com/cve/CVE-2026-42191
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-42191
nvd.nist.gov/vuln/detail/CVE-2026-42191