ROOT-APP-NPM-CVE-2026-44902
- Source
- https://root.io/security/ROOT-APP-NPM-CVE-2026-44902
- Import Source
- https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json
- JSON Data
- https://api.osv.dev/v1/vulns/ROOT-APP-NPM-CVE-2026-44902
- Upstream
- Published
- 2026-06-09T12:47:31Z
- Modified
- 2026-06-09T19:30:04.591774764Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root
- Details
-
Root has patched CVE-2026-44902 in the @rootio/opentelemetry__sdk-node package for Root:npm. Multiple fixed versions available.
- Database specific
{ "distro": "npm", "severity": "HIGH", "distro_version": "", "source": "Root" }- References
-
Affected packages
Root:npm
@rootio/opentelemetry__sdk-node
Package
- Name
- @rootio/opentelemetry__sdk-node
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.204.0-root.io.1Fixed0.202.0-root.io.1Fixed0.207.0-root.io.1Fixed0.213.0-root.io.1Fixed0.215.0-root.io.1Fixed0.216.0-root.io.1Fixed0.202.0-root.io.2Fixed0.213.0-root.io.2Fixed0.216.0-root.io.2Fixed0.204.0-root.io.2Fixed0.207.0-root.io.2Fixed0.215.0-root.io.2Fixed0.202.0-root.io.3Fixed0.216.0-root.io.3Fixed0.213.0-root.io.3Fixed0.207.0-root.io.3Fixed0.215.0-root.io.3
Database specific
total_fixed_versions
17.0
all_fixed_versions
[
"0.204.0-root.io.1",
"0.202.0-root.io.1",
"0.207.0-root.io.1",
"0.213.0-root.io.1",
"0.215.0-root.io.1",
"0.216.0-root.io.1",
"0.202.0-root.io.2",
"0.213.0-root.io.2",
"0.216.0-root.io.2",
"0.204.0-root.io.2",
"0.207.0-root.io.2",
"0.215.0-root.io.2",
"0.202.0-root.io.3",
"0.216.0-root.io.3",
"0.213.0-root.io.3",
"0.207.0-root.io.3",
"0.215.0-root.io.3"
]
upstream_version
"0.215.0-root.io.3"
root_patched
true
root_patch_version
""
source
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json"
@rootio/opentelemetry__exporter-prometheus
Package
- Name
- @rootio/opentelemetry__exporter-prometheus
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.202.0-root.io.1Fixed0.204.0-root.io.1Fixed0.207.0-root.io.1Fixed0.213.0-root.io.1Fixed0.216.0-root.io.1Fixed0.215.0-root.io.1Fixed0.202.0-root.io.2Fixed0.216.0-root.io.2Fixed0.207.0-root.io.2Fixed0.215.0-root.io.2Fixed0.213.0-root.io.2Fixed0.204.0-root.io.2Fixed0.207.0-root.io.3Fixed0.204.0-root.io.3Fixed0.202.0-root.io.3Fixed0.215.0-root.io.3Fixed0.213.0-root.io.3Fixed0.216.0-root.io.3
Database specific
total_fixed_versions
18.0
all_fixed_versions
[
"0.202.0-root.io.1",
"0.204.0-root.io.1",
"0.207.0-root.io.1",
"0.213.0-root.io.1",
"0.216.0-root.io.1",
"0.215.0-root.io.1",
"0.202.0-root.io.2",
"0.216.0-root.io.2",
"0.207.0-root.io.2",
"0.215.0-root.io.2",
"0.213.0-root.io.2",
"0.204.0-root.io.2",
"0.207.0-root.io.3",
"0.204.0-root.io.3",
"0.202.0-root.io.3",
"0.215.0-root.io.3",
"0.213.0-root.io.3",
"0.216.0-root.io.3"
]
upstream_version
"0.216.0-root.io.3"
root_patched
true
root_patch_version
""
source
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json"
@rootio/opentelemetry__auto-instrumentations-node
Package
- Name
- @rootio/opentelemetry__auto-instrumentations-node
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.74.0-root.io.1Fixed0.73.0-root.io.1Fixed0.74.0-root.io.2Fixed0.73.0-root.io.2Fixed0.73.0-root.io.3Fixed0.74.0-root.io.3
Database specific
all_fixed_versions
[
"0.74.0-root.io.1",
"0.73.0-root.io.1",
"0.74.0-root.io.2",
"0.73.0-root.io.2",
"0.73.0-root.io.3",
"0.74.0-root.io.3"
]
total_fixed_versions
6.0
upstream_version
"0.74.0-root.io.3"
root_patched
true
root_patch_version
""
source
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json"
@opentelemetry/auto-instrumentations-node
@opentelemetry/exporter-prometheus
Package
- Name
- @opentelemetry/exporter-prometheus
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.202.0-aikido.2Fixed0.216.0-aikido.2Fixed0.207.0-aikido.2Fixed0.215.0-aikido.2Fixed0.213.0-aikido.2Fixed0.204.0-aikido.2Fixed0.207.0-aikido.3Fixed0.204.0-aikido.3Fixed0.202.0-aikido.3Fixed0.215.0-aikido.3Fixed0.213.0-aikido.3Fixed0.216.0-aikido.3
Database specific
total_fixed_versions
12.0
all_fixed_versions
[
"0.202.0-aikido.2",
"0.216.0-aikido.2",
"0.207.0-aikido.2",
"0.215.0-aikido.2",
"0.213.0-aikido.2",
"0.204.0-aikido.2",
"0.207.0-aikido.3",
"0.204.0-aikido.3",
"0.202.0-aikido.3",
"0.215.0-aikido.3",
"0.213.0-aikido.3",
"0.216.0-aikido.3"
]
upstream_version
"0.216.0-aikido.3"
root_patched
true
root_patch_version
""
source
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json"
@opentelemetry/sdk-node
Package
- Name
- @opentelemetry/sdk-node
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.202.0-aikido.2Fixed0.213.0-aikido.2Fixed0.216.0-aikido.2Fixed0.204.0-aikido.2Fixed0.207.0-aikido.2Fixed0.215.0-aikido.2Fixed0.202.0-aikido.3Fixed0.216.0-aikido.3Fixed0.213.0-aikido.3Fixed0.207.0-aikido.3Fixed0.215.0-aikido.3
Database specific
total_fixed_versions
11.0
all_fixed_versions
[
"0.202.0-aikido.2",
"0.213.0-aikido.2",
"0.216.0-aikido.2",
"0.204.0-aikido.2",
"0.207.0-aikido.2",
"0.215.0-aikido.2",
"0.202.0-aikido.3",
"0.216.0-aikido.3",
"0.213.0-aikido.3",
"0.207.0-aikido.3",
"0.215.0-aikido.3"
]
upstream_version
"0.215.0-aikido.3"
root_patched
true
root_patch_version
""
source
"https://api.root.io/external/osv/ROOT-APP-NPM-CVE-2026-44902.json"