CVE-2026-50273

DataDog · dd-trace-dotnet

A resource allocation vulnerability in DataDog dd-trace-dotnet allows for uncontrolled resource consumption due to the lack of proper limits or throttling.

Executive summary

The DataDog dd-trace-dotnet library contains a high-severity vulnerability that permits unauthenticated remote attackers to trigger denial of service conditions.

Vulnerability

This flaw is an uncontrolled resource consumption vulnerability (CWE-770) where the application fails to adequately throttle or limit incoming resource requests. The vulnerability is exploitable over the network without requiring authentication.

Business impact

Exploitation of this vulnerability can cause the application hosting the tracer to become unstable or crash, resulting in downtime for the monitored services. Given the CVSS score of 7.5, the impact is significant for environments relying on DataDog for performance monitoring, as the monitoring infrastructure itself becomes a vector for service disruption.

Remediation

Immediate Action: Update the Datadog.Trace and Datadog.Trace.OpenTracing NuGet packages to version 3.43.0 or later.

Proactive Monitoring: Monitor application logs for unexpected spikes in memory or CPU usage that correlate with incoming network requests to the tracing endpoints.

Compensating Controls: Utilize a Web Application Firewall to inspect and filter traffic directed at application endpoints that utilize the dd-trace-dotnet library.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Security teams should update the affected NuGet packages immediately to version 3.43.0. Ensuring that monitoring libraries are kept up to date is essential to maintaining the stability of the observability pipeline.