Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
OpenTelemetry-Go: Multiple Security Flaws in Argo Workflows
CLEANSTART-2026-BY85815
Summary
The OpenTelemetry-Go library for Go, used in Argo Workflows, contains multiple security vulnerabilities. These flaws could allow an attacker to gain unauthorized access to sensitive data. Update to the latest version of Argo Workflows to ensure you have the latest security patches.
What to do
- Update argo-workflows to version 4.0.1-r0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | argo-workflows | <= 4.0.1-r0 | 4.0.1-r0 |
Original title
OpenTelemetry-Go is the Go implementation of OpenTelemetry
Original description
Multiple security vulnerabilities affect the argo-workflows package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details.
osv CVSS3.1
9.8
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
- https://osv.dev/vulnerability/CVE-2025-61729 URL
- https://osv.dev/vulnerability/CVE-2026-24051 URL
- https://osv.dev/vulnerability/CVE-2026-25934 URL
- https://osv.dev/vulnerability/CVE-2026-26958 URL
- https://osv.dev/vulnerability/GHSA-2464-8j7c-4cjm URL
- https://osv.dev/vulnerability/GHSA-2x5j-vhc8-9cwm URL
- https://osv.dev/vulnerability/GHSA-37cx-329c-33x3 URL
- https://osv.dev/vulnerability/GHSA-fv92-fjc5-jj9h URL
- https://osv.dev/vulnerability/GHSA-fw7p-63qq-7hpr URL
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 URL
- https://nvd.nist.gov/vuln/detail/CVE-2026-24051 URL
- https://nvd.nist.gov/vuln/detail/CVE-2026-25934 URL
- https://nvd.nist.gov/vuln/detail/CVE-2026-26958 URL
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026