Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Opentelemetry Collector for Linux: Unauthenticated Access Risk
RHSA-2026:3287
Summary
The Opentelemetry Collector on Linux systems may allow an attacker to access sensitive data without a password. This affects any organization using the Opentelemetry Collector, which is used to collect and manage application performance metrics. To fix this, update your Opentelemetry Collector to the latest version or patch level to prevent unauthorized access.
What to do
- Update redhat opentelemetry-collector to version 0:0.135.0-3.el9_4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | opentelemetry-collector | <= 0:0.135.0-3.el9_4 | 0:0.135.0-3.el9_4 |
Original title
Red Hat Security Advisory: opentelemetry-collector security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3287 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3287.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
- https://go.dev/cl/725920 Third Party Advisory
- https://go.dev/issue/76445 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
Published: 25 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026