CVE-2026-50274

DataDog · dd-trace-go

Datadog dd-trace-go versions prior to 2.8.1 are vulnerable to resource exhaustion due to a lack of limits on allocated resources.

Executive summary

A resource exhaustion vulnerability in Datadog dd-trace-go prior to version 2.8.1 could allow an unauthenticated attacker to cause a denial of service.

Vulnerability

The library suffers from an allocation of resources without proper limits or throttling, classified as CWE-770. An unauthenticated attacker can trigger this flaw over the network to exhaust system resources, leading to a denial of service.

Business impact

Exploitation of this vulnerability can lead to service outages and system instability, impacting the availability of applications utilizing the affected library. With a CVSS score of 7.5, this high-severity issue could disrupt critical monitoring and performance tracking capabilities.

Remediation

Immediate Action: Update the dd-trace-go library to version 2.8.1 or later to implement necessary resource throttling.

Proactive Monitoring: Monitor application resource utilization, specifically memory and CPU usage, for spikes that may indicate an ongoing denial of service attempt.

Compensating Controls: Utilize rate limiting at the network edge or application gateway to prevent excessive requests from reaching the vulnerable library functions.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Organizations using the dd-trace-go library should immediately update to version 2.8.1 to eliminate the resource exhaustion vulnerability. Given the ease of triggering such flaws, timely patching is essential to maintain service availability.