Skip to content

chore(core): fix vulnerabilitie CVE-2026-39883 in CSE#2199

Merged
LopatinDmitr merged 1 commit into
release-1.0-csefrom
fix/virtualization/fix-cve-09042026-cse
Apr 9, 2026
Merged

chore(core): fix vulnerabilitie CVE-2026-39883 in CSE#2199
LopatinDmitr merged 1 commit into
release-1.0-csefrom
fix/virtualization/fix-cve-09042026-cse

Conversation

@LopatinDmitr
Copy link
Copy Markdown
Contributor

@LopatinDmitr LopatinDmitr commented Apr 9, 2026
edited
Loading

Description

  • Fix vulnerabilitie CVE-2026-39883: opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: chore 
summary: Fix vulnerabilitie CVE-2026-39883.

@LopatinDmitr
chore(core): cve mitigation in cse
0b4284e 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr self-assigned this Apr 9, 2026
@LopatinDmitr LopatinDmitr marked this pull request as ready for review April 9, 2026 11:00
@LopatinDmitr LopatinDmitr merged commit e880f5f into release-1.0-cse Apr 9, 2026
27 of 30 checks passed
@LopatinDmitr LopatinDmitr deleted the fix/virtualization/fix-cve-09042026-cse branch April 9, 2026 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diafour diafour diafour approved these changes

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

@hardcoretime hardcoretime Awaiting requested review from hardcoretime hardcoretime is a code owner

@danilrwx danilrwx Awaiting requested review from danilrwx danilrwx is a code owner

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LopatinDmitr @diafour