OBI fixes privileged Java agent TMPDIR host file overwrite
TL;DR - If you run OpenTelemetry eBPF Instrumentation with privileged Java injection enabled, a local Java workload can steer the injector into overwriting arbitrary host files via untrusted TMPDIR.
What happened
OpenTelemetry eBPF Instrumentation (OBI) is a host-level eBPF-based instrumentation system that can inject a Java agent into running JVM workloads.
CVE-2026-41433 is a high-severity local vulnerability in the Java agent staging and injection flow. The injector trusts TMPDIR read from the target process environment, then uses that value to choose where to write the agent JAR (obi-java-agent.jar). A path handling flaw lets absolute paths escape the intended /proc/<pid>/root boundary, and unsafe file creation semantics (O_TRUNC plus no symlink protections) turn this into a host file clobber primitive.
Concretely, the advisory points at pkg/internal/java/java_inject.go and the findTempDir(...), dirOK(...), and copyAgent(...) paths. If OBI runs with elevated privileges, a workload-level attacker who can control a local Java process can potentially pivot into host integrity compromise. This is the same recurring risk pattern as other privileged “agent injection” systems: untrusted workload inputs influencing privileged host file writes.
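A hardened staging routine that addresses the three defects the advisory names (a TMPDIR taken from the target used as a host path, absolute paths escaping /proc/<pid>/root, and O_TRUNC with no symlink protection), written here as an added example in Go; it is not OBI's own code, and the names stagingDir and createAgentFile and the procRoot argument are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// stagingDir anchors a TMPDIR read from the target's environment below
// procRoot (e.g. /proc/<pid>/root): absolute values cannot reach the host,
// ".." is rejected, and no component below the root may be a symlink.
func stagingDir(procRoot, tmpdir string) (string, error) {
	if tmpdir == "" {
		tmpdir = "/tmp" // an empty TMPDIR must not become the cwd
	}
	root := filepath.Clean(procRoot)
	sep := string(os.PathSeparator)
	// Join drops tmpdir's leading "/" and collapses "..", so an escape
	// shows up as a result that is no longer prefixed by root.
	dir := filepath.Join(root, tmpdir)
	if dir != root && !strings.HasPrefix(dir, root+sep) {
		return "", fmt.Errorf("TMPDIR %q escapes %s", tmpdir, root)
	}
	cur := root
	for _, c := range strings.Split(strings.TrimPrefix(dir, root), sep) {
		if c == "" {
			continue
		}
		cur = filepath.Join(cur, c)
		fi, err := os.Lstat(cur)
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return "", fmt.Errorf("TMPDIR %q crosses symlink %s", tmpdir, cur)
		}
	}
	return dir, nil
}

// O_EXCL instead of O_TRUNC never clobbers an existing file; O_NOFOLLOW
// refuses a symlink at the final name. Parent dirs can still race; openat2
// with RESOLVE_BENEATH|RESOLVE_NO_SYMLINKS closes that on Linux 5.6+.
func createAgentFile(dir string) (*os.File, error) {
	name := filepath.Join(dir, "obi-java-agent.jar")
	flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL | syscall.O_NOFOLLOW
	return os.OpenFile(name, flags, 0o644)
}
```

The root itself is never Lstat'ed on purpose: under /proc it is a magic link, so only the components the target's TMPDIR adds below it are checked.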
Who is impacted
- Deployments of opentelemetry-ebpf-instrumentation where Java injection is enabled and OBI runs with elevated privileges.
- Environments where untrusted local workloads can run or control Java processes on the same host (multi-tenant nodes, shared clusters, shared build or observability hosts).
| Item | Source value |
|---|---|
| Affected versions | >= 0.4.0, < 0.8.0 |
| Patched version (as stated) | 0.8.0 |
| Severity | CVSS 3.1 8.4 (High) |
| CVSS vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
What to do now
- Follow vendor remediation guidance and move off impacted versions.
  "This vulnerability is fixed in 0.8.0."
- Inventory where OBI is deployed with Java injection enabled, especially on hosts shared across teams or tenants.
- Treat any host running privileged injection as a high-value boundary:
  - restrict who can schedule or run Java workloads on those hosts
  - review host and container hardening controls that limit cross-workload influence on privileged agents
- If you suspect abuse, investigate for unexpected writes or truncations of sensitive host files around the time Java injection ran, and rotate credentials accessible to the affected host.
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
