A vulnerability marked as problematic has been reported in open-telemetry opentelemetry-js up to 2.7.x . This issue affects the function W3CBaggagePropagator.extract . The manipulation leads to allocation of resources. This vulnerability is documented as CVE-2026-54285 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.