CVE Field Guide
About Us
CVE-2026-21991
PUBLISHED
Assigner:
oracle
Reserved:
05.01.2026
Published:
16.03.2026
Updated:
17.03.2026
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score:
5.5
CVSS score
5.5
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
None
Privileges Required
Low
Integrity Impact
None
User Interaction
None
Availability Impact
High
CVSS 3.1
Product Status
Vendor
Oracle Corporation
Product
Oracle Linux
Versions
Version 8 is affected
Version 9 is affected
Version 10 is affected
References
Oracle Advisory
Problem Types
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
text