CVE-2026-50274
DataDog · dd-trace-go
Datadog dd-trace-go versions prior to 2.8.1 are vulnerable to resource exhaustion due to a lack of limits on allocated resources.
Executive summary
A resource exhaustion vulnerability in Datadog dd-trace-go prior to version 2.8.1 could allow an unauthenticated attacker to cause a denial of service.
Vulnerability
The library suffers from an allocation of resources without proper limits or throttling, classified as CWE-770. An unauthenticated attacker can trigger this flaw over the network to exhaust system resources, leading to a denial of service.
Business impact
Exploitation of this vulnerability can lead to service outages and system instability, impacting the availability of applications utilizing the affected library. With a CVSS score of 7.5, this high-severity issue could disrupt critical monitoring and performance tracking capabilities.
Remediation
Immediate Action: Update the dd-trace-go library to version 2.8.1 or later to implement necessary resource throttling.
Proactive Monitoring: Monitor application resource utilization, specifically memory and CPU usage, for spikes that may indicate an ongoing denial of service attempt.
Compensating Controls: Utilize rate limiting at the network edge or application gateway to prevent excessive requests from reaching the vulnerable library functions.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Organizations using the dd-trace-go library should immediately update to version 2.8.1 to eliminate the resource exhaustion vulnerability. Given the ease of triggering such flaws, timely patching is essential to maintain service availability.