Skip to main content

CodexBar EUVDEUVD-2026-33750

| CVE-2026-49134 HIGH
Insecure Temporary File (CWE-377)
2026-06-01 VulnCheck GHSA-gg57-wg6f-c8vg
7.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 01, 2026 - 21:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 01, 2026 - 21:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 01, 2026 - 21:22 vuln.today
cvss_changed
CVSS changed
Jun 01, 2026 - 21:22 NVD
7.1 (HIGH) 7.5 (HIGH)
Source Code Evidence Fetched
Jun 01, 2026 - 20:51 vuln.today
Analysis Generated
Jun 01, 2026 - 20:51 vuln.today

DescriptionCVE.org

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

AnalysisAI

Local privilege escalation in CodexBar prior to 0.32.0 allows a same-user attacker to execute arbitrary commands as root by winning a TOCTOU race against the CLI installer's temporary file. The installer writes a privileged shell payload via mktemp and invokes it through bash under an administrator prompt, leaving a window in which the file body can be swapped before approval. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain same-user local foothold on macOS
Delivery
Wait for user to launch CodexBar CLI installer
Exploit
Watch mktemp-created script path
Install
Overwrite script body during admin prompt
C2
User approves authorization
Execute
bash executes attacker payload as root
Impact
Persist via root-owned LaunchDaemon

Vulnerability AssessmentAI

Exploitation Requires the attacker to already have local code execution as the same user account that runs the CodexBar CLI installer on macOS, and requires that user to actively initiate the install/upgrade and approve the macOS administrator authorization prompt (UI:P in CVSS) - a passing race window between mktemp script creation and bash-as-root execution must be won (AC:H). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals conflict and should be reconciled before prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already has unprivileged code execution as the target user on macOS (for example via a malicious helper, dropped LaunchAgent, or earlier phishing payload) monitors for the CodexBar CLI installer to create its mktemp script. When the user triggers the install and the macOS authorization prompt appears, the attacker's process overwrites the temporary script body with arbitrary commands; once the user approves, bash executes the attacker's payload as root. …
Remediation Vendor-released patch: CodexBar 0.32.0 - upgrade immediately via the GitHub release at https://github.com/steipete/CodexBar/releases/tag/v0.32.0 (the relevant changelog entry reads 'CLI: avoid executing a same-user mutable temporary installer script across the macOS administrator privilege boundary'). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running CodexBar and identify installations prior to version 0.32.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-33750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy