Vulnerability Description
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation semantics, enabling both filesystem boundary escape and symlink-based file clobbering. This vulnerability is fixed in 0.8.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentelemetry | Opentelemetry Ebpf Instrumentation | >= 0.4.0, < 0.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/taRelease Notes
- https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/adExploitThird Party Advisory
- https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/adExploitThird Party Advisory
FAQ
What is CVE-2026-41433?
CVE-2026-41433 is a vulnerability with a CVSS score of 8.4 (HIGH). OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker contro...
How severe is CVE-2026-41433?
CVE-2026-41433 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41433?
Check the references section above for vendor advisories and patch information. Affected products include: Opentelemetry Opentelemetry Ebpf Instrumentation.