3 matches found
CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...
PT-2026-28514
Name of the Vulnerable Software and Affected Versions dd-trace-java versions 0.40.0 through prior to 1.60.2 Description dd-trace-java is a Datadog APM client for Java. The RMI instrumentation in affected versions registered a custom endpoint that deserialized incoming data without applying...
PT-2026-28180
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.26.1 Description The Java instrumentation for OpenTelemetry registers a custom endpoint that deserializes incoming data without applying serialization filters. An attacker with network...