GHSA-8gmg-3w2q-65f4: OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
Summary
OpenTelemetry eBPF Instrumentation (OBI) has a vulnerability in which a local attacker who controls a Java process can overwrite arbitrary host files when Java injection is enabled and OBI runs with elevated privileges. The flaw exists because the injector trusts the TMPDIR environment variable of the target process without validating it, and creates files with methods that follow symbolic links, so a link planted at the expected path redirects the privileged write to a different file.
Solution / Mitigation
Upgrade to v0.8.0: https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.8.0.
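As an added illustration of the two checks the summary implies, not code from OBI itself, the Go functions below vet a TMPDIR value read from the target process (absolute, existing directory, no symlink in any component) and create the injected file with O_CREAT|O_EXCL so that a pre-planted symlink makes the open fail instead of being followed. Function names and error messages are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// validateTmpDir vets a TMPDIR value read from an untrusted target process
// before a privileged injector uses it: absolute, existing directory, and
// no symlink in any path component. Rejected values should make the caller
// fall back to a directory it controls itself.
func validateTmpDir(dir string) (string, error) {
	if dir == "" || !filepath.IsAbs(dir) {
		return "", errors.New("tmpdir must be an absolute path")
	}
	dir = filepath.Clean(dir)
	resolved, err := filepath.EvalSymlinks(dir)
	if err != nil {
		return "", err
	}
	if resolved != dir {
		return "", fmt.Errorf("tmpdir %q resolves via symlink to %q", dir, resolved)
	}
	if st, err := os.Lstat(dir); err != nil || !st.IsDir() {
		return "", fmt.Errorf("tmpdir %q is not a directory", dir)
	}
	return dir, nil
}

// createExclusive writes data to a file created with O_CREAT|O_EXCL: the
// open fails if anything already exists at path, including a symlink
// planted by the target process, so no existing file is followed or truncated.
func createExclusive(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

func main() {
	if _, err := validateTmpDir("../tmp"); err != nil {
		fmt.Println("rejected:", err)
	}
}
```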
Original source: https://github.com/advisories/GHSA-8gmg-3w2q-65f4
First tracked: April 17, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%