PT-2026-5718 · Opentelemetry · Opentelemetry-Go
Morielharush
·
Published
2026-02-02
·
Updated
2026-05-21
·
CVE-2026-24051
CVSS v3.1
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenTelemetry-Go versions 1.20.0 through 1.39.0
Description
The OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 are susceptible to a path hijacking issue on macOS/Darwin systems. The resource detection code in
sdk/resource/host id.go executes the ioreg system command using a search path. An attacker who can modify the PATH environment variable locally can potentially achieve Arbitrary Code Execution (ACE) within the application's context.Recommendations
Update to version 1.40.0 or later.
Exploit
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
AZL-76443
AZL-76449
CLEANSTART-2026-AB04032
CLEANSTART-2026-AD71344
CLEANSTART-2026-AL75891
CLEANSTART-2026-AM88528
CLEANSTART-2026-AP81168
CLEANSTART-2026-AQ65185
CLEANSTART-2026-AS59691
CLEANSTART-2026-AT91215
CLEANSTART-2026-BA09462
CLEANSTART-2026-BB83999
CLEANSTART-2026-BD18029
CLEANSTART-2026-BH97849
CLEANSTART-2026-BK28579
CLEANSTART-2026-BM53321
CLEANSTART-2026-BT99405
CLEANSTART-2026-BU39038
CLEANSTART-2026-BU65096
CLEANSTART-2026-BY59711
CLEANSTART-2026-BY85815
CLEANSTART-2026-CC08450
CLEANSTART-2026-CD13174
CLEANSTART-2026-CF63743
CLEANSTART-2026-CG86499
CLEANSTART-2026-CN84623
CLEANSTART-2026-CO68219
CLEANSTART-2026-CP95927
CLEANSTART-2026-CU52059
CLEANSTART-2026-CY45415
CLEANSTART-2026-CZ07385
CLEANSTART-2026-DA99134
CLEANSTART-2026-DB61851
CLEANSTART-2026-DM19620
CLEANSTART-2026-DP35743
CLEANSTART-2026-DQ17669
CLEANSTART-2026-DS01292
CLEANSTART-2026-EB74978
CLEANSTART-2026-EE52954
CLEANSTART-2026-EI06494
CLEANSTART-2026-EI44621
CLEANSTART-2026-EL10860
CLEANSTART-2026-EP10142
CLEANSTART-2026-ET12387
CLEANSTART-2026-FB07695
CLEANSTART-2026-FJ01373
CLEANSTART-2026-FQ05951
CLEANSTART-2026-FR97108
CLEANSTART-2026-FU04414
CLEANSTART-2026-FV86809
CLEANSTART-2026-FX27781
CLEANSTART-2026-FZ55932
CLEANSTART-2026-GG06672
CLEANSTART-2026-GG94489
CLEANSTART-2026-GI57625
CLEANSTART-2026-GK29346
CLEANSTART-2026-GM18965
CLEANSTART-2026-GN78570
CLEANSTART-2026-GQ03231
CLEANSTART-2026-GU55430
CLEANSTART-2026-GX87608
CLEANSTART-2026-GY48351
CLEANSTART-2026-HB06257
CLEANSTART-2026-HC15345
CLEANSTART-2026-HE31644
CLEANSTART-2026-HF07497
CLEANSTART-2026-HK01840
CLEANSTART-2026-HK06185
CLEANSTART-2026-HM40094
CLEANSTART-2026-HQ88036
CLEANSTART-2026-HX97842
CLEANSTART-2026-IC68874
CLEANSTART-2026-IP72442
CLEANSTART-2026-IW23933
CLEANSTART-2026-IY77127
CLEANSTART-2026-JF28061
CLEANSTART-2026-JG72006
CLEANSTART-2026-JH93057
CLEANSTART-2026-JK59495
CLEANSTART-2026-JO01099
CLEANSTART-2026-JU62670
CLEANSTART-2026-JV26120
CLEANSTART-2026-JW58725
CLEANSTART-2026-JW59894
CLEANSTART-2026-JY63371
CLEANSTART-2026-KA15295
CLEANSTART-2026-KC83705
CLEANSTART-2026-KK98885
CLEANSTART-2026-KT28044
CLEANSTART-2026-KW24478
CLEANSTART-2026-LB23787
CLEANSTART-2026-LC01167
CLEANSTART-2026-LD14062
CLEANSTART-2026-LD15132
CLEANSTART-2026-LM43244
CLEANSTART-2026-LO63022
CLEANSTART-2026-LP76319
CLEANSTART-2026-LS00044
CLEANSTART-2026-LS30652
CLEANSTART-2026-LT10352
CLEANSTART-2026-LU21824
CLEANSTART-2026-LU81821
CLEANSTART-2026-LY88807
CLEANSTART-2026-MA32024
CLEANSTART-2026-MI12470
CLEANSTART-2026-MI26424
CLEANSTART-2026-MJ36694
CLEANSTART-2026-MK01488
CLEANSTART-2026-MK40719
CLEANSTART-2026-ML41879
CLEANSTART-2026-MO53190
CLEANSTART-2026-MS81166
CLEANSTART-2026-MT27167
CLEANSTART-2026-MW24969
CLEANSTART-2026-MW66533
CLEANSTART-2026-NG28268
CLEANSTART-2026-NG75665
CLEANSTART-2026-NI04192
CLEANSTART-2026-NJ43712
CLEANSTART-2026-NP19113
CLEANSTART-2026-NR54556
CLEANSTART-2026-NT80635
CLEANSTART-2026-NV37937
CLEANSTART-2026-OD47693
CLEANSTART-2026-OF37807
CLEANSTART-2026-OI10284
CLEANSTART-2026-OJ21550
CLEANSTART-2026-OM95908
CLEANSTART-2026-OR40192
CLEANSTART-2026-OS42112
CLEANSTART-2026-OU18540
CLEANSTART-2026-OW78143
CLEANSTART-2026-OX06978
CLEANSTART-2026-PB32291
CLEANSTART-2026-PE63912
CLEANSTART-2026-PJ76318
CLEANSTART-2026-PM81907
CLEANSTART-2026-PN56882
CLEANSTART-2026-PP62083
CLEANSTART-2026-PW47027
CLEANSTART-2026-PW57640
CLEANSTART-2026-PY36202
CLEANSTART-2026-PZ85180
CLEANSTART-2026-QA91937
CLEANSTART-2026-QB67682
CLEANSTART-2026-QI02196
CLEANSTART-2026-QK02462
CLEANSTART-2026-QN98167
CLEANSTART-2026-QO29688
CLEANSTART-2026-QP84300
CLEANSTART-2026-QS87161
CLEANSTART-2026-QV77143
CLEANSTART-2026-QY63788
CLEANSTART-2026-RJ35552
CLEANSTART-2026-RJ58492
CLEANSTART-2026-RS39197
CLEANSTART-2026-RU00721
CLEANSTART-2026-RX06063
CLEANSTART-2026-SF31652
CLEANSTART-2026-SH14815
CLEANSTART-2026-SI08105
CLEANSTART-2026-SO13464
CLEANSTART-2026-SR26977
CLEANSTART-2026-SY28275
CLEANSTART-2026-TE02851
CLEANSTART-2026-TN07413
CLEANSTART-2026-TT42218
CLEANSTART-2026-UB49656
CLEANSTART-2026-UD61879
CLEANSTART-2026-UK15999
CLEANSTART-2026-UW03847
CLEANSTART-2026-UW08576
CLEANSTART-2026-UZ17701
CLEANSTART-2026-VI68146
CLEANSTART-2026-VJ77782
CLEANSTART-2026-VL19675
CLEANSTART-2026-VS17175
CLEANSTART-2026-VT65447
CLEANSTART-2026-VX40916
CLEANSTART-2026-VY87942
CLEANSTART-2026-VZ08395
CLEANSTART-2026-VZ76006
CLEANSTART-2026-WA14162
CLEANSTART-2026-WB12909
CLEANSTART-2026-WL14185
CLEANSTART-2026-WN01990
CLEANSTART-2026-WO87803
CVE-2026-24051
GHSA-9H8M-3FM2-QJRQ
GO-2026-4394
OPENSUSE-SU-2026:10396-1
OPENSUSE-SU-2026:10613-1
OPENSUSE-SU-2026:10684-1
OPENSUSE-SU-2026:10716-1
SUSE-SU-2026:0757-1
Affected Products
Opentelemetry-Go
References · 887
- 🔥 https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24051.json⭐ 2460 🔗 557 · Exploit
- https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq⭐ 6285 🔗 1260 · Vendor Advisory
- https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53⭐ 6285 🔗 1260 · Patch
- https://osv.dev/vulnerability/CLEANSTART-2026-CF63743 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-AS59691 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34040 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-46394 · Security Note
- https://osv.dev/vulnerability/CLEANSTART-2026-UW03847 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-BD18029 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-VJ77782 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-59537 · Security Note
- https://osv.dev/vulnerability/CLEANSTART-2026-EL10860 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-KW24478 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-HF07497 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-66564 · Security Note