Released on: 2026-05-07
go.opentelemetry.io/otel/sdk to v1.43.0 to address CVE-2026-39883, a PATH-hijacking vulnerability in the OpenTelemetry Go SDK's host detection on BSD and Solaris platforms (the SDK invoked the kenv command without an absolute path). The Datadog Agent's primary supported platforms (Linux, Windows, macOS) are not affected at runtime, but the dependency is upgraded to keep the shipped binary free of the vulnerable code.Released on: 2026-05-07 Pinned to datadog-agent v7.78.3: CHANGELOG.
Fetched May 7, 2026