CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1803 more potentially affected by CVE-2026-44902 via @opentelemetry/exporter-prometheus (>=0.10.2 <=0.216.0)

@opentelemetry/exporter-prometheus NPM version =0.10.2, =0.1.0, =0.1.0, =0.1.1, =0.0.1, =0.8.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.3.4, =0.1.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902 Source...

0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1803 more potentially affected by CVE-2026-44902 via @opentelemetry/exporter-prometheus (>=0.10.2 <=0.216.0)

@opentelemetry/exporter-prometheus NPM version =0.10.2, =0.1.0, =0.1.0, =0.1.1, =0.0.1, =0.8.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.3.4, =0.1.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902 Source...

PT-2026-37116

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.OneCollector versions prior to 1.15.1 Description When exporting telemetry to a back-end or collector over HTTP, the HttpJsonPostTransport class reads the entire response body into memory without an upper bound if the...

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...

Malicious code in azure-monitor-opentelemetry-exporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4105e451e06ab909d8a5420349c767fec791355572db7e3696eb80c244fb050 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in monitor-opentelemetry-exporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 729620b347fffdb19db80ab7389b2228d0b739d11d68fc8bed393e29ed9dd745 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4689 Malicious code in monitor-opentelemetry-exporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 729620b347fffdb19db80ab7389b2228d0b739d11d68fc8bed393e29ed9dd745 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...