Local File Overwrite Vulnerability in OpenTelemetry eBPF Instrumentation by OpenTelemetry
CVE-2026-41433

8.4 HIGH

Key Information:

Vendor: OpenTelemetry
CVE Published: 24 April 2026

What is CVE-2026-41433?

The OpenTelemetry eBPF Instrumentation (OBI) has a vulnerable Java agent injection path that allows a local attacker who controls a Java workload to overwrite arbitrary files on the host. The issue is reachable when Java agent injection is enabled and OBI runs with elevated privileges. The flaw stems from trusting the TMPDIR environment variable read from the target process and from using unsafe file creation methods: the attacker-controlled path can escape the intended filesystem boundary, and a symlink planted at the injection path can redirect the write to clobber an unrelated host file. This vulnerability has been addressed in version 0.8.0 of the product.
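The two weaknesses named above (an untrusted TMPDIR that escapes the intended directory, and a file write that follows a pre-planted symlink) are both mitigated by the pattern below. This is an added illustration written for this page, not OBI's own code or its fix; the function names, the `allowedRoot` parameter and the Linux `O_NOFOLLOW` flag are assumptions of the example. The idea is to canonicalise the directory with symlinks resolved and confine it to a root the agent controls, then create the payload file with `O_CREATE|O_EXCL|O_NOFOLLOW` so that an existing file or symlink at that path is never opened or truncated.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ErrOutsideRoot is returned when the untrusted directory resolves outside
// allowedRoot, whether through ".." components or through a symlink.
var ErrOutsideRoot = errors.New("tmpdir resolves outside allowed root")

// ResolveTmpDir validates a TMPDIR value taken from an untrusted process
// environment. allowedRoot is a directory the caller controls (assumed for
// this example). Symlinks are resolved on both sides before comparing, so a
// link inside the root that points elsewhere is rejected, not followed.
func ResolveTmpDir(allowedRoot, untrustedTmpDir string) (string, error) {
	if untrustedTmpDir == "" {
		return "", errors.New("empty tmpdir")
	}
	rootReal, err := filepath.EvalSymlinks(allowedRoot)
	if err != nil {
		return "", err
	}
	if rootReal, err = filepath.Abs(rootReal); err != nil {
		return "", err
	}
	// Relative values are interpreted under the root; absolute values must
	// still land inside it after canonicalisation.
	candidate := untrustedTmpDir
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(rootReal, candidate)
	}
	real, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if real, err = filepath.Abs(real); err != nil {
		return "", err
	}
	rel, err := filepath.Rel(rootReal, real)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return real, nil
}

// CreateAgentFile creates a fresh file named name inside dir. O_EXCL makes
// the call fail if anything already exists at that path (a symlink planted by
// the workload included), and O_NOFOLLOW refuses to traverse a symlink as the
// final component. The caller writes the agent payload into the returned file.
func CreateAgentFile(dir, name string) (*os.File, error) {
	if name == "" || name == "." || name == ".." || strings.ContainsRune(name, os.PathSeparator) {
		return nil, errors.New("invalid file name")
	}
	path := filepath.Join(dir, name)
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL|syscall.O_NOFOLLOW, 0o600)
}

func main() {
	// Constructed scenario: a controlled root, a legitimate tmp dir under it,
	// and a symlink inside the root pointing outside.
	root, _ := os.MkdirTemp("", "obi-root-")
	defer os.RemoveAll(root)
	outside, _ := os.MkdirTemp("", "obi-outside-")
	defer os.RemoveAll(outside)
	inside := filepath.Join(root, "tmp")
	_ = os.Mkdir(inside, 0o700)
	_ = os.Symlink(outside, filepath.Join(root, "escape"))

	for _, p := range []string{inside, "../", outside, filepath.Join(root, "escape")} {
		_, err := ResolveTmpDir(root, p)
		fmt.Printf("TMPDIR=%s -> err=%v\n", p, err)
	}
	// A pre-planted dangling symlink at the agent path must not be written through.
	_ = os.Symlink(filepath.Join(outside, "victim"), filepath.Join(inside, "agent.jar"))
	_, err := CreateAgentFile(inside, "agent.jar")
	fmt.Println("create over planted symlink -> err =", err)
}
```

Confining to a root is the part that fixes the boundary escape; `O_EXCL` plus `O_NOFOLLOW` is the part that fixes the symlink clobber, and it only helps when the write target is created fresh rather than opened with `O_TRUNC`. On non-Linux platforms `syscall.O_NOFOLLOW` may not be defined, so the flag would need a build-tagged equivalent.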

Affected Version(s)

opentelemetry-ebpf-instrumentation >= 0.4.0, < 0.8.0

References

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
