Aspire 13.2.4 Patches CVE-2026-40894: Baggage Header DoS in OpenTelemetry .NET
Aspire 13.2.4 ships an OpenTelemetry bump for CVE-2026-40894, a Gen0 allocation amplification in baggage, B3, and Jaeger propagator parsing. Update OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators to 1.15.3 even if you are not on Aspire.