Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
OpenTelemetry Collector on Red Hat Systems at Risk of Remote Execution
RHSA-2026:19719
Summary
The OpenTelemetry Collector on Red Hat systems may allow an attacker to execute code remotely. This affects systems where the OpenTelemetry Collector is installed and configured to receive data from untrusted sources. To protect your systems, update the OpenTelemetry Collector to the latest version.
What to do
- Update redhat opentelemetry-collector to version 0:0.144.0-2.el10_0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Red Hat:enterprise_linux_eus:10.0 | redhat | opentelemetry-collector |
< 0:0.144.0-2.el10_0 Fix: upgrade to 0:0.144.0-2.el10_0
|
Original title
Red Hat Security Advisory: opentelemetry-collector security update
osv CVSS3.1
9.1
- https://access.redhat.com/errata/RHSA-2026:19719 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2445356 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2449833 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2455470 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456333 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456335 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456336 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456338 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456339 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19719.... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-25679 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-25679 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25679 Vendor Advisory
- https://go.dev/cl/752180 Third Party Advisory
- https://go.dev/issue/77578 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4601 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-32280 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32280 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32280 Vendor Advisory
- https://go.dev/cl/758320 Third Party Advisory
- https://go.dev/issue/78282 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4947 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-32281 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32281 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32281 Vendor Advisory
- https://go.dev/cl/758061 Third Party Advisory
- https://go.dev/issue/78281 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4946 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-32282 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32282 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32282 Vendor Advisory
- https://go.dev/cl/763761 Third Party Advisory
- https://go.dev/issue/78293 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4864 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-32283 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32283 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32283 Vendor Advisory
- https://go.dev/cl/763767 Third Party Advisory
- https://go.dev/issue/78334 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4870 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-33186 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-33186 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33186 Vendor Advisory
- https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-33810 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-33810 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33810 Vendor Advisory
- https://go.dev/cl/763763 Third Party Advisory
- https://go.dev/issue/78332 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4866 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-34986 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-34986 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34986 Vendor Advisory
- https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8 Third Party Advisory
- https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants Third Party Advisory
Published: 21 May 2026 · Updated: 22 May 2026 · First seen: 22 May 2026