OpenTelemetry-Go: Unprivileged Process Privilege Escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

OpenTelemetry-Go: Unprivileged Process Privilege Escalation

CLEANSTART-2026-GI57625

Summary

The fluent-operator-fips package relies on OpenTelemetry-Go, which contains a vulnerability that could allow an unprivileged process to gain elevated privileges. This could lead to unauthorized access to sensitive data or system resources. Update OpenTelemetry-Go to the latest version to mitigate this risk.

What to do

Update fluent-operator-fips to version 3.5.0-r0.

Affected software

Vendor	Product	Affected versions	Fix available
–	fluent-operator-fips	<= 3.5.0-r0	3.5.0-r0

Original title

OpenTelemetry-Go is the Go implementation of OpenTelemetry

Original description

Security vulnerability affects the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry.

osv CVSS3.1 9.8

https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advis... Vendor Advisory
https://osv.dev/vulnerability/CVE-2026-24051 URL
https://nvd.nist.gov/vuln/detail/CVE-2026-24051 URL

Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026