A vulnerability has been found in open-telemetry opentelemetry-go up to 1.42.x and classified as problematic . Impacted is an unknown function of the file traces/metrics/logs of the component Configured Collector Endpoint . The manipulation leads to uncontrolled memory allocation. This vulnerability is documented as CVE-2026-39882 . The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.