All 4 CVE vulnerabilities found in opentelemetry-go, with AI-generated Chinese analysis, references, and POCs.
Vendor: open-telemetry
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39883 | OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking | CWE-426 | 9.8 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2026-39882 | OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies | CWE-789 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-29181 | OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) | CWE-770 | 7.5 | High | 2026-04-07 |
| CVE-2026-24051 | OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking | CWE-426 | 7.0 | High | 2026-02-02 |