
Codexbar

4 CVEs (product)

CVE-2026-49949 MEDIUM PATCH This Month

Credential interception in CodexBar before 0.33.0 exposes API keys, bearer tokens, and browser cookies to network-adjacent attackers through the shared ProviderHTTPClient transport's failure to validate redirect destinations. When a user initiates a credentialed request to an AI provider backend, an attacker positioned to inject redirect responses can steer the transport to a cross-origin host or a plaintext HTTP endpoint, causing CodexBar to forward the original credentials to the attacker-controlled destination. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, but the high confidentiality impact warrants prompt patching - especially for users on shared or untrusted networks.

Category: Information Disclosure | Product: Codexbar | References: NVD, GitHub, VulDB | CVSS 4.0: 6.0 | EPSS: 0.0%
CVE-2026-49135 HIGH PATCH This Week

Local privilege-level information disclosure and artifact tampering in CodexBar versions prior to 0.32.0 allow authenticated users on the same macOS host to read App Store Connect API keys and hijack release builds via predictable temporary file paths in the notarization workflow. The flaw stems from writing sensitive credentials and notarization archives to fixed, world-reachable locations rather than per-run private directories, enabling symlink races and pre-creation attacks. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Category: Information Disclosure | Product: Codexbar | References: NVD, GitHub | CVSS 4.0: 7.2 | EPSS: 0.0%
CVE-2026-49134 HIGH PATCH This Week

Local privilege escalation in CodexBar prior to 0.32.0 allows a same-user attacker to execute arbitrary commands as root by winning a TOCTOU race against the CLI installer's temporary file. The installer writes a privileged shell payload via mktemp and invokes it through bash under an administrator prompt, leaving a window in which the file body can be swapped before approval. No public exploit identified at time of analysis, but VulnCheck published an advisory and the upstream patch is merged.

Category: Privilege Escalation | Product: Codexbar | References: NVD, GitHub | CVSS 4.0: 7.5 | EPSS: 0.1%
CVE-2026-43625 HIGH PATCH This Week

Cleartext session cookie exposure in CodexBar (a macOS menu bar AI provider client) prior to 0.32.0 allows network-positioned attackers to intercept imported browser session cookies for Amp and Ollama providers. The client failed to enforce HTTPS before reattaching imported cookies when a provider-controlled redirect pointed to a cleartext HTTP endpoint inside the same provider domain, leaking authentication material in plaintext. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Category: Information Disclosure | Product: Codexbar | References: NVD, GitHub | CVSS 4.0: 8.2 | EPSS: 0.0%
