CVE-2026-25681 vulnerabilities
Vulnerabilities for packages: caddy, step, prometheus-operator, gitea, argo-cd, kubernetes, vitess, crossplane-provider-azure-storage, ingress-nginx-controller, flux, glab, helm, hubble, crossplane-provider-azure-authorization, kots, istio, hydra, telegraf, vale, step-issuer, fq, snyk-cli, cilium...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
RHEL 10 : opentelemetry-collector (RHSA-2026:19135)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19135 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host...
GHSA-PJV4-3C63-699F opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
Summary A server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azureauth. The extension's Authenticate metho...
RHEL 9 : opentelemetry-collector (RHSA-2026:4267)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4267 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query...
ALSA-2026:4174 Important: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121 For more details about the security issues,...
RHEL 9 : opentelemetry-collector (RHSA-2026:4177)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4177 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: golang: net/url: Memory exhaustion in query...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: linkerd2, crossplane-provider-aws-rds, nova, gitlab-pages, external-dns, goreleaser, pluto, harbor, crossplane-provider-aws-firehose, flux-operator, cluster-api-azure-controller, crossplane-provider-aws-dynamodb, apko, crossplane-provider-aws-cloudfront,...
RHEL 9 : opentelemetry-collector (RHSA-2026:3287)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3287 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: crypto/x509: golang: Denial of Service due to excessive...
RHEL 9 : opentelemetry-collector (RHSA-2026:3289)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3289 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: crypto/x509: golang: Denial of Service due to excessive...
RLSA-2026:1908 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 For more details about the security issues, including the...
RHEL 10 : opentelemetry-collector (RHSA-2026:1907)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1907 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: crypto/x509: golang: Denial of Service due to excessive...
RHEL 9 : opentelemetry-collector (RHSA-2026:0513)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0513 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
RHEL 9 : opentelemetry-collector (RHSA-2026:0512)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0512 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
RHEL 10 : opentelemetry-collector (RHSA-2026:0514)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0514 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
RHEL 9 : opentelemetry-collector (RHSA-2025:23729)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23729 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
RLSA-2025:12831 Moderate: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS score...
RHEL 9 : opentelemetry-collector (RHSA-2025:15406)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15406 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/http: Sensitive headers not cleared on cross-origin...
Kibana Upgrade Assistant Telemetry Collector Prototype Pollution
Kibana before version 7.6.3 suffers from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value we're able to execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using...
CVE-2021-41090 Instance config inline secret exposure
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...