[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-24051":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":150,"aliases":151,"duplicate_of":9,"upstream":154,"downstream":155,"duplicates":166,"related":167,"reserved_at":9,"published_at":175,"modified_at":176,"state":177,"summary":178,"references_raw":186,"kevs":216,"epss":217,"epss_history":220,"metrics":468,"affected":478},"CVE-2026-24051","OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-426","Untrusted Search Path","The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.","weakness","Stable","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-38","Leveraging/Manipulating Configuration File Search Paths",[24,110],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.007","Path Interception by PATH Environment Variable",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,57,61,66,71,76,81,86,90,94,98,102,106],{"id":45,"name":46,"tactic":47},"D3-FA","File Analysis",{"name":48},"Detect",{"id":50,"name":51,"tactic":52},"D3-FIM","File Integrity Monitoring",{"name":48},{"id":54,"name":55,"tactic":56},"D3-DA","Dynamic Analysis",{"name":48},{"id":58,"name":59,"tactic":60},"D3-EFA","Emulated File Analysis",{"name":48},{"id":62,"name":63,"tactic":64},"D3-FEV","File Eviction",{"name":65},"Evict",{"id":67,"name":68,"tactic":69},"D3-DF","Decoy File",{"name":70},"Deceive",{"id":72,"name":73,"tactic":74},"D3-FE","File Encryption",{"name":75},"Harden",{"id":77,"name":78,"tactic":79},"D3-RF","Restore File",{"name":80},"Restore",{"id":82,"name":83,"tactic":84},"D3-CF","Content Filtering",{"name":85},"Isolate",{"id":87,"name":88,"tactic":89},"D3-LFP","Local File Permissions",{"name":85},{"id":91,"name":92,"tactic":93},"D3-RFAM","Remote File Access Mediation",{"name":85},{"id":95,"name":96,"tactic":97},"D3-CQ","Content Quarantine",{"name":85},{"id":99,"name":100,"tactic":101},"D3-CM","Content Modification",{"name":85},{"id":103,"name":104,"tactic":105},"D3-EAL","Executable Allowlisting",{"name":85},{"id":107,"name":108,"tactic":109},"D3-EDL","Executable Denylisting",{"name":85},{"id":111,"name":112,"tactics":113,"countermeasures":119},"T1574.009","Path Interception by Unquoted Path",[114,115,116,117,118],{"id":29,"name":30},{"id":32,"name":33},{"id":35,"name":36},{"id":38,"name":39},{"id":41,"name":42},[120,122,124,126,128,130,132,134,136,138,140,142,144,146,148],{"id":45,"name":46,"tactic":121},{"name":48},{"id":50,"name":51,"tactic":123},{"name":48},{"id":54,"name":55,"tactic":125},{"name":48},{"id":58,"name":59,"tactic":127},{"name":48},{"id":62,"name":63,"tactic":129},{"name":65},{"id":67,"name":68,"tactic":131},{"name":70},{"id":72,"name":73,"tactic":133},{"name":75},{"id":77,"name":78,"tactic":135},{"name":80},{"id":82,"name":83,"tactic":137},{"name":85},{"id":87,"name":88,"tactic":139},{"name":85},{"id":91,"name":92,"tactic":141},{"name":85},{"id":95,"name":96,"tactic":143},{"name":85},{"id":99,"name":100,"tactic":145},{"name":85},{"id":103,"name":104,"tactic":147},{"name":85},{"id":107,"name":108,"tactic":149},{"name":85},[],[152,153],"GHSA-9h8m-3fm2-qjrq","GO-2026-4394",[],[156,158,160,162,164],{"_key":157},"SUSE-SU-2026:0757-1",{"_key":159},"OPENSUSE-SU-2026:10396-1",{"_key":161},"OPENSUSE-SU-2026:10613-1",{"_key":163},"OPENSUSE-SU-2026:10684-1",{"_key":165},"OPENSUSE-SU-2026:10716-1",[],[168,169,170,171,172,173],{"_key":157},{"_key":159},{"_key":161},{"_key":163},{"_key":165},{"_key":174},"CGA-MQPQ-RVMW-8RPR","2026-02-02T19:49:10.038Z","2026-02-03T14:54:41.668Z","Analyzed",{"cisa_kev":179,"cisa_ransomware":179,"cisa_vendor":9,"epss_severity":180,"epss_score":181,"severity":182,"severity_score":4,"severity_version":183,"severity_source":184,"severity_vector":185,"severity_status":177},false,"low",0.00017,"high","v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[187,198,203,208,212],{"url":188,"sources":189,"tags":192},"https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq",[190,184,191],"osv_go","nvd",[193,194,195,196,197],"WEB","X Refsource CONFIRM","Advisory","Patch","Vendor Advisory",{"url":199,"sources":200,"tags":201},"https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53",[190,184,191],[193,202,196],"X Refsource MISC",{"url":204,"sources":205,"tags":206},"https://github.com/open-telemetry/opentelemetry-go",[190],[207],"PACKAGE",{"url":209,"sources":210,"tags":211},"https://nvd.nist.gov/vuln/detail/CVE-2026-24051",[190],[195],{"url":213,"sources":214,"tags":215},"https://pkg.go.dev/vuln/GO-2026-4394",[190],[193],[],{"date":218,"score":181,"percentile":219},"2026-06-05",0.04286,[221,225,228,231,234,237,240,243,245,248,251,254,257,260,263,265,268,270,273,276,278,281,284,287,289,292,295,298,301,304,307,309,313,315,318,321,323,325,327,329,331,333,336,339,341,343,345,349,352,355,357,360,362,365,368,370,373,375,378,381,384,387,389,391,394,396,399,402,405,408,411,415,417,420,423,426,429,432,435,438,441,444,446,449,452,455,458,461,463,465],{"date":222,"score":223,"percentile":224},"2026-02-03",0.00006,0.00249,{"date":226,"score":223,"percentile":227},"2026-02-04",0.00259,{"date":229,"score":223,"percentile":230},"2026-02-05",0.00261,{"date":232,"score":223,"percentile":233},"2026-02-06",0.00263,{"date":235,"score":223,"percentile":236},"2026-02-07",0.00258,{"date":238,"score":223,"percentile":239},"2026-02-08",0.00327,{"date":241,"score":223,"percentile":242},"2026-02-09",0.00323,{"date":244,"score":223,"percentile":239},"2026-02-10",{"date":246,"score":223,"percentile":247},"2026-02-11",0.00336,{"date":249,"score":223,"percentile":250},"2026-02-12",0.00337,{"date":252,"score":223,"percentile":253},"2026-02-13",0.00339,{"date":255,"score":223,"percentile":256},"2026-02-14",0.00334,{"date":258,"score":223,"percentile":259},"2026-02-15",0.00332,{"date":261,"score":223,"percentile":262},"2026-02-16",0.00328,{"date":264,"score":223,"percentile":239},"2026-02-17",{"date":266,"score":223,"percentile":267},"2026-02-18",0.00369,{"date":269,"score":223,"percentile":267},"2026-02-19",{"date":271,"score":223,"percentile":272},"2026-02-20",0.00371,{"date":274,"score":223,"percentile":275},"2026-02-21",0.0037,{"date":277,"score":223,"percentile":267},"2026-02-22",{"date":279,"score":223,"percentile":280},"2026-02-23",0.00367,{"date":282,"score":223,"percentile":283},"2026-02-24",0.00365,{"date":285,"score":223,"percentile":286},"2026-02-25",0.00363,{"date":288,"score":223,"percentile":283},"2026-02-26",{"date":290,"score":223,"percentile":291},"2026-02-27",0.00362,{"date":293,"score":223,"percentile":294},"2026-02-28",0.0036,{"date":296,"score":223,"percentile":297},"2026-03-01",0.00347,{"date":299,"score":223,"percentile":300},"2026-03-02",0.00345,{"date":302,"score":223,"percentile":303},"2026-03-03",0.0035,{"date":305,"score":223,"percentile":306},"2026-03-04",0.00364,{"date":308,"score":223,"percentile":267},"2026-03-05",{"date":310,"score":311,"percentile":312},"2026-03-06",0.00007,0.00503,{"date":314,"score":311,"percentile":312},"2026-03-07",{"date":316,"score":311,"percentile":317},"2026-03-08",0.005,{"date":319,"score":311,"percentile":320},"2026-03-09",0.00502,{"date":322,"score":311,"percentile":320},"2026-03-10",{"date":324,"score":311,"percentile":317},"2026-03-11",{"date":326,"score":311,"percentile":312},"2026-03-12",{"date":328,"score":311,"percentile":312},"2026-03-13",{"date":330,"score":311,"percentile":320},"2026-03-14",{"date":332,"score":311,"percentile":317},"2026-03-15",{"date":334,"score":311,"percentile":335},"2026-03-16",0.00497,{"date":337,"score":311,"percentile":338},"2026-03-17",0.00498,{"date":340,"score":311,"percentile":338},"2026-03-18",{"date":342,"score":311,"percentile":335},"2026-03-19",{"date":344,"score":311,"percentile":335},"2026-03-20",{"date":346,"score":347,"percentile":348},"2026-03-21",0.00008,0.00774,{"date":350,"score":347,"percentile":351},"2026-03-22",0.00768,{"date":353,"score":347,"percentile":354},"2026-03-23",0.00769,{"date":356,"score":347,"percentile":351},"2026-03-24",{"date":358,"score":347,"percentile":359},"2026-03-25",0.00773,{"date":361,"score":347,"percentile":359},"2026-03-26",{"date":363,"score":347,"percentile":364},"2026-03-27",0.00777,{"date":366,"score":347,"percentile":367},"2026-03-28",0.00775,{"date":369,"score":347,"percentile":367},"2026-03-29",{"date":371,"score":347,"percentile":372},"2026-03-30",0.0077,{"date":374,"score":347,"percentile":351},"2026-03-31",{"date":376,"score":347,"percentile":377},"2026-04-01",0.00766,{"date":379,"score":311,"percentile":380},"2026-04-02",0.00582,{"date":382,"score":311,"percentile":383},"2026-04-03",0.00574,{"date":385,"score":311,"percentile":386},"2026-04-04",0.00575,{"date":388,"score":311,"percentile":386},"2026-04-05",{"date":390,"score":311,"percentile":383},"2026-04-06",{"date":392,"score":311,"percentile":393},"2026-04-07",0.00576,{"date":395,"score":311,"percentile":383},"2026-04-08",{"date":397,"score":311,"percentile":398},"2026-04-09",0.00567,{"date":400,"score":311,"percentile":401},"2026-04-10",0.00569,{"date":403,"score":347,"percentile":404},"2026-04-11",0.00754,{"date":406,"score":347,"percentile":407},"2026-04-12",0.00748,{"date":409,"score":347,"percentile":410},"2026-04-13",0.00749,{"date":412,"score":413,"percentile":414},"2026-04-14",0.00011,0.01213,{"date":416,"score":413,"percentile":414},"2026-04-15",{"date":418,"score":413,"percentile":419},"2026-04-16",0.01223,{"date":421,"score":413,"percentile":422},"2026-04-17",0.01229,{"date":424,"score":413,"percentile":425},"2026-04-18",0.01235,{"date":427,"score":413,"percentile":428},"2026-04-19",0.01232,{"date":430,"score":413,"percentile":431},"2026-04-20",0.01227,{"date":433,"score":413,"percentile":434},"2026-04-21",0.0131,{"date":436,"score":413,"percentile":437},"2026-04-22",0.01315,{"date":439,"score":413,"percentile":440},"2026-04-23",0.01321,{"date":442,"score":413,"percentile":443},"2026-04-24",0.01316,{"date":445,"score":413,"percentile":443},"2026-04-25",{"date":447,"score":413,"percentile":448},"2026-04-26",0.0132,{"date":450,"score":413,"percentile":451},"2026-04-27",0.01328,{"date":453,"score":413,"percentile":454},"2026-04-28",0.01312,{"date":456,"score":413,"percentile":457},"2026-04-29",0.01318,{"date":459,"score":413,"percentile":460},"2026-04-30",0.01314,{"date":462,"score":413,"percentile":454},"2026-05-01",{"date":464,"score":413,"percentile":454},"2026-05-02",{"date":466,"score":413,"percentile":467},"2026-05-03",0.01311,[469,473,476],{"source":190,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":470,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":185,"impactScore":471,"exploitabilityScore":472},9.8,2.6,{"source":184,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":474,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":475,"vectorString":185,"impactScore":471,"exploitabilityScore":472},"HIGH",{"source":191,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":477,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":475,"vectorString":185,"impactScore":471,"exploitabilityScore":472},[479,494,499,507],{"ecosystem":480,"name":481,"vendor":482,"product":483,"cpe_part":9,"purl_type":484,"purl_namespace":482,"purl_name":483,"source":9,"versions":485},"Go","go.opentelemetry.io/otel/sdk","go.opentelemetry.io/otel","sdk","golang",[486],{"version":487,"is_range":488,"range_type":489,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},"gte1_21_0_lt1_40_0",true,"semver","1.21.0","including","1.40.0","excluding",{"ecosystem":480,"name":495,"vendor":481,"product":496,"cpe_part":9,"purl_type":484,"purl_namespace":481,"purl_name":496,"source":9,"versions":497},"go.opentelemetry.io/otel/sdk/resource","resource",[498],{"version":487,"is_range":488,"range_type":489,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},{"ecosystem":9,"name":500,"vendor":501,"product":500,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":503},"opentelemetry-go","linuxfoundation","a",[504],{"version":505,"is_range":488,"range_type":506,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},"gte1.21.0_lt1.40.0","cpe",{"ecosystem":9,"name":500,"vendor":508,"product":500,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":509},"open-telemetry",[510],{"version":511,"is_range":488,"range_type":184,"version_start":490,"version_start_type":491,"version_end":492,"version_end_type":493,"fixed_in":9},">= 1.21.0, \u003C 1.40.0"]