CVE-2026-33701 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...