Open-Telemetry Opentelemetry-Java-Instrumentation vulnerabilities
2 known vulnerabilities affecting open-telemetry/opentelemetry-java-instrumentation.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-33701P2CRITICALCVSS 9.8fixed in 2.26.12026-03-27
CVE-2026-33701 [CRITICAL] CWE-502 CVE-2026-33701: OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or R
nvd
CVE-2023-39951P3MEDIUMCVSS 6.5fixed in 1.28.02023-08-08
CVE-2023-39951 [MEDIUM] CWE-200 CVE-2023-39951: OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrume
nvd