Trust Center

In response to OpenSSL’s official advisory published on January 27, 2026 regarding twelve (12) vulnerabilities, Datadog triggered its incident response process to assess exposure, validate detections, and coordinate remediation. We identified affected OpenSSL versions in a limited set of components, including the Datadog Agent, and will deploy fixes promptly in accordance with our standard vulnerability remediation SLAs, following required validation and staged rollout procedures.

Customers should review OpenSSL’s official advisory and apply applicable patches in their own environments. At this time, we have no reports of widespread exploitation and will continue to monitor and provide updates if we identify material changes.

In response to the recently disclosed React Server Components vulnerability, CVE-2025-55182, Datadog security conducted an investigation and confirmed that we are not impacted. However, we suggest customers refer to our Research Feed and Security Labs blog post for guidance to assess potential exposure and take the suggested mitigations to secure their applications.

Since the Shai-Hulud worm campaign affecting NPM packages began in September 2025, we have been assessing our own environment for impact and have confirmed that Datadog has not been impacted by the initial iteration nor the most recent Shai-Hulud 2.0 worm campaign. We have implemented detections for the worm, and are continuously monitoring for infected packages and reviewing potential usage at Datadog. Independent of this campaign, Datadog also proactively monitors for exposure of customer Datadog credentials, such as API and Application keys, and notifies impacted customers.

We’re pleased to announce that summaries of the 2025 penetration tests for Datadog, Cloudcraft, and CoScreen (performed by NCC Group), as well as Metaplane (performed by Cobalt Group), are available on our security portal. These summaries are accompanied by Letters of Assessment.

We conducted an internal investigation and confirmed there is no direct impact to Datadog from the Salesloft Drift breach. Datadog has never installed or used any Salesloft integration, including Drift.

We are actively engaging with our vendors to assess any potential indirect impact through our supply chain.