Tag
A Denial of Service (DoS) vulnerability exists in Datadog tracing libraries (`dd-trace-dotnet`) due to improper parsing of W3C baggage HTTP headers, allowing remote, unauthenticated attackers to send requests with arbitrarily large baggage headers, causing unbounded CPU and memory consumption and leading to service unavailability for any HTTP service instrumented with affected library versions where baggage propagation is enabled by default. The issue, tracked as CVE-2026-50273, is resolved in version 3.43.0 and later.