com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.5 <=4.1.0), dev.vality:shared-resources (>=4.0.0-alpha1 <=4.0.0-alpha4) +1 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=2.15.0 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =2.15.0, =3.8.5, =4.0.0-alpha1, =2.5.12, =2.6.4-hadoop3 Source cves: CVE-2026-33701 Source advisory: SNYK:JAVA-IOOPENTELEMETRYJAVAAGENT-15857172...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RMI integration. An attacker can execute arbitrary code with the privileges of the user running the instrumented JVM by sending specially crafted serialized data to a network-exposed JMX or RMI...

PT-2026-28514

Name of the Vulnerable Software and Affected Versions dd-trace-java versions 0.40.0 through prior to 1.60.2 Description dd-trace-java is a Datadog APM client for Java. The RMI instrumentation in affected versions registered a custom endpoint that deserialized incoming data without applying...

com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.0 <=4.1.0), com.weibo:rill-flow-service (>=0.1.3 <=0.1.18) +159 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=0.12.1 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =0.12.1, =3.8.0, =0.1.3, =4.0.0-alpha1, =1.9.0, =0.0.10, =0.2.1, =0.6.2, =0.6.2, =0.80.0, =0.80.0, =0.19.0, =2.5.0, =1.9.0, =1.9.0, =2.3.0 and more Source cves: CVE-2026-33701 Source advisory: OSV:GHSA-XW7X-H9FJ-P2C7...