diff --git a/agents-kt-otel/build.gradle.kts b/agents-kt-otel/build.gradle.kts
index 6186126..94ec17d 100644
--- a/agents-kt-otel/build.gradle.kts
+++ b/agents-kt-otel/build.gradle.kts
@@ -26,11 +26,14 @@ configurations.all {
 
 dependencies {
     api(project(":agents-kt-observability"))
-    api("io.opentelemetry:opentelemetry-api:1.51.0")
+    // #2387 — 1.62.0 patches CVE in W3C Baggage propagation (unbounded
+    // memory + CPU on oversized headers). Per-propagator caps at 8,192
+    // bytes / 64 entries. Affects 1.51.0..1.61.0; no API changes touch us.
+    api("io.opentelemetry:opentelemetry-api:1.62.0")
 
     testImplementation(kotlin("test"))
     testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.11.0")
-    testImplementation("io.opentelemetry:opentelemetry-sdk-trace:1.51.0")
+    testImplementation("io.opentelemetry:opentelemetry-sdk-trace:1.62.0")
 }
 
 kotlin {
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 2f2ddd4..f3835cb 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -161,36 +161,44 @@
             <sha256 value="d811cf9f118cc2cad130c9427ad55c174d4c0a6f1a00ac1ae1c9bcbec5c44b19" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.opentelemetry" name="opentelemetry-api" version="1.51.0">
-         <artifact name="opentelemetry-api-1.51.0.jar">
-            <sha256 value="ed88c2876e5a525ccbb56eb918d7955797b9a245f113d50b9798d1634a90951d" origin="Generated by Gradle"/>
+      <component group="io.opentelemetry" name="opentelemetry-api" version="1.62.0">
+         <artifact name="opentelemetry-api-1.62.0.jar">
+            <sha256 value="d58143928c049233653e6bf1282ff8a767ebdd5e6a82b3f336158c30e40b431d" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="opentelemetry-api-1.51.0.module">
-            <sha256 value="f8196944418778486c54fe32b6b2abde39df6eb946ceba7abd9eb13e4180817b" origin="Generated by Gradle"/>
+         <artifact name="opentelemetry-api-1.62.0.module">
+            <sha256 value="dec6654baca397db5b84253f955c72ee38ecc3fb54e0f6a40fdef65bfc0d05a4" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.opentelemetry" name="opentelemetry-context" version="1.51.0">
-         <artifact name="opentelemetry-context-1.51.0.jar">
-            <sha256 value="df4e308883ef2a2f28415140c5629901f72223f9ec713063f93395cff11bf4a1" origin="Generated by Gradle"/>
+      <component group="io.opentelemetry" name="opentelemetry-common" version="1.62.0">
+         <artifact name="opentelemetry-common-1.62.0.jar">
+            <sha256 value="d6310bebde67d65c1519696728d8604005315ed08ab14071956fc0826fd71815" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="opentelemetry-context-1.51.0.module">
-            <sha256 value="944f1c052c2702a9a7cff8d28d22554b08f031bae088faefadddc5fb27dc7aba" origin="Generated by Gradle"/>
+         <artifact name="opentelemetry-common-1.62.0.module">
+            <sha256 value="19c2d41eb14f1300dea3991a0895adedb6ddd8c64bb2579b84764525c6cd7f3d" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.opentelemetry" name="opentelemetry-sdk-common" version="1.51.0">
-         <artifact name="opentelemetry-sdk-common-1.51.0.jar">
-            <sha256 value="0454b7e14f09dbae3817b85c1b89bfe9ad9f3ae87f1aa8508689567ea5599921" origin="Generated by Gradle"/>
+      <component group="io.opentelemetry" name="opentelemetry-context" version="1.62.0">
+         <artifact name="opentelemetry-context-1.62.0.jar">
+            <sha256 value="8ec86c3609222b9b6307bf40154c1f1c288d1f18ada0155409e7797adbdbe517" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="opentelemetry-sdk-common-1.51.0.module">
-            <sha256 value="0e5d68af26195d626e60d9d50ccf4a31a54bbd1ebc73ed82683fa2b6371525cf" origin="Generated by Gradle"/>
+         <artifact name="opentelemetry-context-1.62.0.module">
+            <sha256 value="f5d687f2b74643ab7586c27e282d0207917cdcdb78bc7f34abeac066ff20e8a6" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.opentelemetry" name="opentelemetry-sdk-trace" version="1.51.0">
-         <artifact name="opentelemetry-sdk-trace-1.51.0.jar">
-            <sha256 value="5300c485d63e425925600f2daa9e7bbd9f81bd28dfc14a62922d9f46150fe730" origin="Generated by Gradle"/>
+      <component group="io.opentelemetry" name="opentelemetry-sdk-common" version="1.62.0">
+         <artifact name="opentelemetry-sdk-common-1.62.0.jar">
+            <sha256 value="bf9d13df9a50e49a5db664ba8ebfad79f73f03219d2ac6f6709d432f6896eba0" origin="Generated by Gradle"/>
          </artifact>
-         <artifact name="opentelemetry-sdk-trace-1.51.0.module">
-            <sha256 value="35b1a2ef58557ecd711897aaa83638ed15ed91e4aac77823dcb9220abb3b1513" origin="Generated by Gradle"/>
+         <artifact name="opentelemetry-sdk-common-1.62.0.module">
+            <sha256 value="927c186e1ee3530602902357ccdb88f4e01fe8de2935a75f86551da3459ba430" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="io.opentelemetry" name="opentelemetry-sdk-trace" version="1.62.0">
+         <artifact name="opentelemetry-sdk-trace-1.62.0.jar">
+            <sha256 value="fb6c0953b229a6da1db813135ae11a621bf9da56b7356c1e93049ed4b088c232" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="opentelemetry-sdk-trace-1.62.0.module">
+            <sha256 value="cc640b9d9bcf6b2b03fcebf5ff726a414a8a93ce5f5ff39d7b760258380eca53" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="junit" name="junit" version="4.13.2">