Improper Handling of Exceptional Conditions

CVE-2026-44902

Low

0/10

Summary

A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default `0.0.0.0:9464`) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught `TypeError` that terminates the process. @opentelemetry/auto-instrumentations-node versions prior to 0.75.0, @opentelemetry/exporter-prometheus and @opentelemetry/sdk-node versions prior to 0.217.0 are affected.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory

Advisory Timeline

Published May 11, 2026

Improper Handling of Exceptional Conditions

CVE-2026-44902

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS