Open-telemetry Opentelemetry-go
4 CVEs affecting Open-telemetry Opentelemetry-go. Latest disclosed: 2026-04-08. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-29181 | High | 7.5 | 2026-04-07 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value indepe… |
CVE-2026-24051 | High | 7.0 | 2026-02-02 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Searc… |
CVE-2026-39882 | Medium | 5.3 | 2026-04-08 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body int… |
CVE-2026-39883 | | 2026-04-08 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolu… |