Root has patched CVE-2026-39883 in the rootio-go.opentelemetry.io/otel/sdk package for Root:Go. Multiple fixed versions available.
{
"distro": "gobinary",
"source": "Root",
"distro_version": "",
"severity": "HIGH"
}[
"v1.28.0-root.io.1",
"v1.35.0-root.io.1",
"v1.39.0-root.io.2",
"v1.38.0-root.io.2",
"v1.39.0-root.io.3",
"v1.35.0-root.io.2",
"v1.28.0-root.io.3"
]
7.0
""
"https://api.root.io/external/osv/ROOT-APP-GOBINARY-CVE-2026-39883.json"
"v1.28.0-root.io.3"
true
[
"v1.39.0-aikido.3",
"v1.38.0-aikido.2",
"v1.35.0-aikido.2",
"v1.28.0-aikido.3"
]
4.0
""
"https://api.root.io/external/osv/ROOT-APP-GOBINARY-CVE-2026-39883.json"
true
"v1.28.0-aikido.3"