
CodexBar · EUVD-2026-33748 | CVE-2026-43625 · HIGH
Cleartext Transmission of Sensitive Information (CWE-319)
2026-06-01 · VulnCheck · GHSA-x92v-hcjq-jcx7
8.2 · CVSS 4.0 · NVD

Severity by source

NVD (primary): 8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (4 events)

  • Jun 01, 2026 - 19:35 · vuln.today: Source Code Evidence Fetched
  • Jun 01, 2026 - 19:35 · vuln.today: Analysis Generated
  • Jun 01, 2026 - 19:22 · NVD: Severity Changed, MEDIUM → HIGH
  • Jun 01, 2026 - 19:22 · NVD: CVSS changed, 5.9 (MEDIUM) → 8.2 (HIGH)

Description (CVE.org)

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.

Analysis (AI)

Cleartext session cookie exposure in CodexBar (a macOS menu bar AI provider client) prior to 0.32.0 allows network-positioned attackers to intercept imported browser session cookies for Amp and Ollama providers. The client failed to enforce HTTPS before reattaching imported cookies when a provider-controlled redirect pointed to a cleartext HTTP endpoint inside the same provider domain, leaking authentication material in plaintext. …
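The flaw described above is a redirect-policy bug: the client decides whether to reattach an imported cookie by looking only at the redirect target's host, not its scheme. The following Python model, added here as an illustration and not code from CodexBar or from any provider, puts that weak policy beside a hardened one and runs both over a constructed redirect table. The hostnames, paths and cookie value are hypothetical; the point is the check on the target URL's scheme before the cookie is attached.

```python
"""Redirect handling for imported session cookies: weak policy beside a hardened one.

Constructed model (not CodexBar's code). The redirect table stands in for provider
responses so the example runs offline; hosts and paths are hypothetical.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Requested URL -> (status, Location header). The first chain is a same-host
# redirect that downgrades to cleartext http://, the second stays on https://.
REDIRECTS = {
    "https://api.provider.test/v1/status": (302, "http://api.provider.test/v1/status-legacy"),
    "http://api.provider.test/v1/status-legacy": (200, None),
    "https://api.provider.test/v1/quota": (302, "https://api.provider.test/v2/quota"),
    "https://api.provider.test/v2/quota": (200, None),
}


@dataclass(frozen=True)
class Hop:
    url: str
    cookie: Optional[str]  # the Cookie header value actually sent on this hop


class CleartextRedirectError(Exception):
    """Raised when following a redirect would send the session cookie to a non-HTTPS URL."""


def same_host(a: str, b: str) -> bool:
    return urlsplit(a).hostname == urlsplit(b).hostname


def fetch_weak(url: str, cookie: str, max_hops: int = 5) -> List[Hop]:
    """Weak policy: keep the imported cookie attached on every same-host hop.

    The scheme of the redirect target is never examined, so a same-host
    302 to http:// carries the cookie in cleartext.
    """
    hops: List[Hop] = []
    current, attached = url, cookie
    for _ in range(max_hops):
        hops.append(Hop(current, attached))
        status, location = REDIRECTS[current]
        if status != 302:
            return hops
        if not same_host(current, location):
            attached = None  # cross-host redirect: drop the cookie
        current = location
    raise RuntimeError("redirect limit exceeded")


def fetch_hardened(url: str, cookie: str, max_hops: int = 5) -> List[Hop]:
    """Hardened policy: the cookie is only ever attached to an https:// request.

    A redirect whose target is not https:// is refused outright rather than
    followed with the cookie stripped, so a downgrade cannot occur silently.
    """
    if urlsplit(url).scheme != "https":
        raise CleartextRedirectError(f"refusing to send session cookie to {url}")
    hops: List[Hop] = []
    current, attached = url, cookie
    for _ in range(max_hops):
        hops.append(Hop(current, attached))
        status, location = REDIRECTS[current]
        if status != 302:
            return hops
        if urlsplit(location).scheme != "https":
            raise CleartextRedirectError(f"refusing downgrade redirect {current} -> {location}")
        if not same_host(current, location):
            attached = None  # cross-host but still https: continue without the cookie
        current = location
    raise RuntimeError("redirect limit exceeded")


def cleartext_cookie_hops(hops: List[Hop]) -> List[Hop]:
    """Hops on which a cookie was sent over plain HTTP, i.e. what an on-path observer sees."""
    return [h for h in hops if h.cookie is not None and urlsplit(h.url).scheme == "http"]


def downgrade_refused(url: str, cookie: str) -> bool:
    """True if the hardened client refuses the chain starting at `url`."""
    try:
        fetch_hardened(url, cookie)
    except CleartextRedirectError:
        return True
    return False


if __name__ == "__main__":
    leaked = cleartext_cookie_hops(fetch_weak("https://api.provider.test/v1/status", "session=abc"))
    print("weak client leaked cookie on:", [h.url for h in leaked])
    print("hardened client refused downgrade:", downgrade_refused("https://api.provider.test/v1/status", "session=abc"))
    print("hardened client followed https chain:", [h.url for h in fetch_hardened("https://api.provider.test/v1/quota", "session=abc")])
```

Running the block prints the single http:// hop on which the weak client sent the cookie, shows the hardened client refusing that same chain, and shows it following the all-https chain normally. The design choice worth noting is that the hardened client refuses the downgrade rather than quietly dropping the cookie and continuing: a refused request surfaces as an error a user or log can see, whereas a silently stripped cookie would look like an unexplained authentication failure.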


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Gain AitM position on victim network
  • Delivery: Wait for CodexBar Amp/Ollama refresh
  • Exploit: Induce or observe provider HTTP redirect to cleartext target
  • Execution: Client reattaches imported cookie over HTTP
  • Persist: Capture cleartext cookie off the wire
  • Impact: Replay cookie to provider as victim

Vulnerability Assessment (AI)

Exploitation: Attacker must hold an adversary-in-the-middle position on the network path between the victim's macOS host running CodexBar < 0.32.0 and the Amp or Ollama provider endpoint (e.g., shared/hostile Wi-Fi, compromised router, or control over a redirect target inside the provider domain). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: CVSS 4.0 vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N scores 8.2 and reflects a network-reachable, unauthenticated, no-user-interaction confidentiality-only impact, but with AT:P indicating special attack requirements - specifically that the attacker must be positioned on the network path between the victim and the provider AND that a provider redirect into a cleartext HTTP target must occur. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: A user on a coffee-shop Wi-Fi launches CodexBar, which refreshes its Amp or Ollama provider status using imported browser session cookies; an attacker on the same LAN intercepts or induces a provider response that 302-redirects to an http:// URL on the provider's own domain, and CodexBar follows the redirect with the session cookie attached in cleartext. The attacker captures the cookie off the wire and replays it to impersonate the user against the provider. …

Remediation: Vendor-released patch: CodexBar 0.32.0 - upgrade immediately via the release at https://github.com/steipete/CodexBar/releases/tag/v0.32.0 (fix is PR #1226, commit cdd7e347c1cf616615f18aa2ac52ba2ec9cab332). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Identify all macOS endpoints with CodexBar installed and document systems with Amp or Ollama provider integrations. …


EUVD-2026-33748 vulnerability details – vuln.today
