CVE-2026-44213

6.5 MEDIUM

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend

Published: 2026-05-26 · Last updated: 2026-05-29

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-295

Description

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANA_ENDPOINT_PROXY environment variable. If a network attacker can Man-in-the-Middle (MitM) the proxy connection, all OpenTelemetry telemetry data and the Instana API key are exposed to the attacker. This vulnerability is fixed in 1.1.0.

Source: NVD

References

Related CVEs

Same CWE

CVE-2025-71261 — An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere... (8.6 HIGH)
CVE-2026-9259 — Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
CVE-2026-9258 — Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
CVE-2026-45388 — In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows imp... (9.1 CRITICAL)
CVE-2026-45170 — Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validati...