CNNVD-202602-050 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-050
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
OpenTelemetry-Go是OpenTelemetry - CNCF开源的一个开发者工具包。 OpenTelemetry-Go v1.20.0-1.39.0版本存在代码问题漏洞,该漏洞源于资源检测代码执行ioreg命令时存在路径劫持,可能导致任意代码执行。
Description (English)
OpenTelemetry-Go is an OpenTelemetry-CNCF Open Source Development Toolkit. OpenTelemetry-Go v1.20.0-1.39.0 has a code gap, which stems from the path hijacking that exists when the resource detection code implements the ioreg order, which may lead to arbitrary code enforcement.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
OpenTelemetry - CNCF
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://access.redhat.com/security/cve/cve-2026-24051