Opentelemetry Go

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-24051 HIGH PATCH This Week

Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.

macOS Golang Opentelemetry Go Suse

NVD GitHub

CVSS 3.1

7.0

EPSS

0.0%

CVE-2026-24051

EPSS 0% CVSS 7.0

HIGH PATCH This Week

Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.

macOS Golang Opentelemetry Go +1

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy