CVE-2026-39882: OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-11

EPSS Score

0.02% (percentile: 3.3%)

Affected Products (12)

Other

• 21177-17084
• 20988-17084
• 20992-17084
• 20994-17084
• 21178-17086
• 21000-17086
• 21001-17086
• 21002-17086
• 20701-17086
• 21009-17086
• 21012-17084
• 21179-17084

Revision History

• 2026-04-11: Information published.