diff --git a/CHANGELOG.md b/CHANGELOG.md
index 721db3b612..63c6ee2a51 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   ([#4907](https://github.com/open-telemetry/opentelemetry-python/issues/4907))
 - Drop Python 3.9 support
   ([#5076](https://github.com/open-telemetry/opentelemetry-python/pull/5076))
+- `opentelemetry-proto`: relax protobuf upper bound from `<7.0` to `<8.0` to unblock adoption of protobuf 7.x (CVE-2026-8994)
+  ([#5099](https://github.com/open-telemetry/opentelemetry-python/issues/5099))
 
 
 ## Version 1.41.0/0.62b0 (2026-04-09)
diff --git a/opentelemetry-proto/pyproject.toml b/opentelemetry-proto/pyproject.toml
index 28bce6b6d0..645550627b 100644
--- a/opentelemetry-proto/pyproject.toml
+++ b/opentelemetry-proto/pyproject.toml
@@ -25,7 +25,7 @@ classifiers = [
   "Programming Language :: Python :: 3.14",
 ]
 dependencies = [
-  "protobuf>=5.0, < 7.0",
+  "protobuf>=5.0, < 8.0",
 ]
 
 [project.urls]