CVE-2026-50271

Datadog · dd-trace-py

Datadog dd-trace-py is susceptible to a resource exhaustion vulnerability due to a lack of limits on resource allocation.

Executive summary

A resource exhaustion vulnerability in the Datadog dd-trace-py Python APM client allows unauthenticated attackers to cause a denial of service.

Vulnerability

This vulnerability is caused by an improper implementation of resource allocation without limits or throttling (CWE-770). Unauthenticated attackers can leverage this flaw to trigger excessive resource consumption, leading to service instability or failure.

Business impact

Successful exploitation results in a denial of service, which can cause significant operational disruption by rendering the APM client unavailable. With a CVSS score of 7.5, this high-severity vulnerability poses a substantial risk to application monitoring capabilities and overall infrastructure stability.

Remediation

Immediate Action: Update the dd-trace-py library to version 4.8.2 or later to apply the necessary resource throttling protections.

Proactive Monitoring: Monitor application logs for abnormal resource usage spikes or recurring service crashes that may indicate exploitation attempts.

Compensating Controls: Implement infrastructure-level rate limiting or resource quotas on services utilizing the APM client to mitigate the impact of potential exhaustion attacks.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the potential for denial of service, administrators must prioritize updating the dd-trace-py client to version 4.8.2 immediately. Ensuring the library is patched is the only effective way to prevent resource exhaustion attacks against your monitoring infrastructure.