What is CVE-2026-24051?

CVE-2026-24051 is a high-severity vulnerability in Open-telemetry Opentelemetry-go, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-02-02.

How severe is CVE-2026-24051?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Open-telemetry Opentelemetry-go

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/ho…

EPSS: 0.000 (4.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Open-telemetry Opentelemetry-go — versions >= 1.21.0, < 1.40.0

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq (x_refsource_CONFIRM)
https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-24051?: CVE-2026-24051 is a high-severity vulnerability in Open-telemetry Opentelemetry-go, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-02-02.
How severe is CVE-2026-24051?: High severity. CVSS v3 base score is 7.0 out of 10.