VYPR
Medium severity6.5GHSA Advisory· Published May 26, 2026· Updated May 29, 2026

CVE-2026-44213

CVE-2026-44213

Description

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANA_ENDPOINT_PROXY environment variable. If a network attacker can Man-in-the-Middle (MitM) the proxy connection, all OpenTelemetry telemetry data and the Instana API key are exposed to the attacker. This vulnerability is fixed in 1.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
OpenTelemetry.Exporter.InstanaNuGet
< 1.1.01.1.0

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

1