Skip to content

chore(core): fix vulnerabilitie CVE-2026-39883#2200

Merged
LopatinDmitr merged 1 commit intomainfrom
fix/virtualization/fix-cve-09042026
Apr 9, 2026
Merged

chore(core): fix vulnerabilitie CVE-2026-39883#2200
LopatinDmitr merged 1 commit intomainfrom
fix/virtualization/fix-cve-09042026

Conversation

@LopatinDmitr
Copy link
Copy Markdown
Contributor

@LopatinDmitr LopatinDmitr commented Apr 9, 2026

Description

  • Fix vulnerabilitie CVE-2026-39883: opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: chore
summary: Fix vulnerabilitie CVE-2026-39883.

@LopatinDmitr LopatinDmitr self-assigned this Apr 9, 2026
@LopatinDmitr LopatinDmitr modified the milestones: v1.9.0, v1.8.0 Apr 9, 2026
@LopatinDmitr LopatinDmitr marked this pull request as ready for review April 9, 2026 11:06
diafour
diafour previously approved these changes Apr 9, 2026
View reviewed changes
@LopatinDmitr
chore(core): cve mitigation
bbf6acb 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr force-pushed the fix/virtualization/fix-cve-09042026 branch from d11d379 to bbf6acb Compare April 9, 2026 11:26
@LopatinDmitr LopatinDmitr requested a review from diafour April 9, 2026 11:34
@LopatinDmitr LopatinDmitr merged commit 0c52e9a into main Apr 9, 2026
27 of 28 checks passed
@LopatinDmitr LopatinDmitr deleted the fix/virtualization/fix-cve-09042026 branch April 9, 2026 11:42
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Apr 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diafour diafour diafour approved these changes

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@LopatinDmitr @diafour