CVE-2026-50271
Datadog · dd-trace-py
Datadog dd-trace-py is susceptible to a resource exhaustion vulnerability due to a lack of limits on resource allocation.
Executive summary
A resource exhaustion vulnerability in the Datadog dd-trace-py Python APM client allows unauthenticated attackers to cause a denial of service.
Vulnerability
This vulnerability is caused by an improper implementation of resource allocation without limits or throttling (CWE-770). Unauthenticated attackers can leverage this flaw to trigger excessive resource consumption, leading to service instability or failure.
Business impact
Successful exploitation results in a denial of service, which can cause significant operational disruption by rendering the APM client unavailable. With a CVSS score of 7.5, this high-severity vulnerability poses a substantial risk to application monitoring capabilities and overall infrastructure stability.
Remediation
Immediate Action: Update the dd-trace-py library to version 4.8.2 or later to apply the necessary resource throttling protections.
Proactive Monitoring: Monitor application logs for abnormal resource usage spikes or recurring service crashes that may indicate exploitation attempts.
Compensating Controls: Implement infrastructure-level rate limiting or resource quotas on services utilizing the APM client to mitigate the impact of potential exhaustion attacks.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for denial of service, administrators must prioritize updating the dd-trace-py client to version 4.8.2 immediately. Ensuring the library is patched is the only effective way to prevent resource exhaustion attacks against your monitoring infrastructure.