Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
Analysis (AI)
Cleartext session cookie exposure in CodexBar (a macOS menu bar AI provider client) prior to 0.32.0 allows network-positioned attackers to intercept imported browser session cookies for Amp and Ollama providers. The client failed to enforce HTTPS before reattaching imported cookies when a provider-controlled redirect pointed to a cleartext HTTP endpoint inside the same provider domain, leaking authentication material in plaintext. …
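The flaw described above is a redirect-handling policy problem: the client checked that a redirect stayed inside the provider domain but not that it stayed on HTTPS. The following added example (not CodexBar's own code; the provider host, cookie name and redirect chain are constructed for illustration) contrasts a domain-only policy with one that also refuses to reattach imported cookies on any scheme downgrade, and walks a redirect chain to report hops that would carry the cookie in cleartext.

```python
from urllib.parse import urlparse

# Constructed sample: imported browser session cookie for a provider.
IMPORTED_COOKIES = {"session": "constructed-example-value"}


def same_provider_domain(url: str, provider_domain: str) -> bool:
    """True if the URL's host is the provider domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return host == provider_domain or host.endswith("." + provider_domain)


def cookies_for_redirect_vulnerable(target: str, provider_domain: str) -> dict:
    """Domain-only policy (the weakness the advisory describes): an http://
    target inside the provider domain still receives the session cookie."""
    if same_provider_domain(target, provider_domain):
        return dict(IMPORTED_COOKIES)
    return {}


def cookies_for_redirect_hardened(target: str, provider_domain: str) -> dict:
    """Hardened policy: cookies are reattached only when the redirect target
    is both inside the provider domain AND served over https. A downgrade to
    cleartext drops the cookie instead of leaking it."""
    if urlparse(target).scheme != "https":
        return {}
    if not same_provider_domain(target, provider_domain):
        return {}
    return dict(IMPORTED_COOKIES)


def follow_redirect_chain(chain, provider_domain, policy):
    """Walk a list of Location targets and return every hop at which the
    given policy would send the session cookie over cleartext HTTP."""
    leaks = []
    for target in chain:
        cookies = policy(target, provider_domain)
        if cookies and urlparse(target).scheme == "http":
            leaks.append(target)
    return leaks


# Constructed redirect chain: the provider answers with a 302 into a
# cleartext endpoint on its own domain, the pattern the advisory describes.
EXAMPLE_CHAIN = [
    "https://api.provider.example/status",
    "http://api.provider.example/status?legacy=1",
]

if __name__ == "__main__":
    domain = "provider.example"
    print("vulnerable leaks:", follow_redirect_chain(EXAMPLE_CHAIN, domain, cookies_for_redirect_vulnerable))
    print("hardened leaks:  ", follow_redirect_chain(EXAMPLE_CHAIN, domain, cookies_for_redirect_hardened))
```

In a real client the same rule belongs in the HTTP library's redirect callback (for example, refusing to follow or stripping credentials when the scheme changes from https to http), so that no request path can bypass it.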
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)

| Aspect | Assessment |
| --- | --- |
| Exploitation | Attacker must hold an adversary-in-the-middle position on the network path between the victim's macOS host running CodexBar < 0.32.0 and the Amp or Ollama provider endpoint (e.g., shared/hostile Wi-Fi, compromised router, or control over a redirect target inside the provider domain). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 4.0 vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N scores 8.2 and reflects a network-reachable, unauthenticated, no-user-interaction, confidentiality-only impact, but AT:P indicates special attack requirements: the attacker must be positioned on the network path between the victim and the provider, and a provider redirect into a cleartext HTTP target must occur. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A user on a coffee-shop Wi-Fi launches CodexBar, which refreshes its Amp or Ollama provider status using imported browser session cookies; an attacker on the same LAN intercepts or induces a provider response that 302-redirects to an http:// URL on the provider's own domain, and CodexBar follows the redirect with the session cookie attached in cleartext. The attacker captures the cookie off the wire and replays it to impersonate the user against the provider. … |
| Remediation | Vendor-released patch: CodexBar 0.32.0; upgrade immediately via the release at https://github.com/steipete/CodexBar/releases/tag/v0.32.0 (fix is PR #1226, commit cdd7e347c1cf616615f18aa2ac52ba2ec9cab332). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI)
Within 24 hours: Identify all macOS endpoints with CodexBar installed and document systems with Amp or Ollama provider integrations. …
EUVD-2026-33748
GHSA-x92v-hcjq-jcx7