Byte Open Security (ByteOS Network)

Vulnerability Details: CVE-2026-49135

Summary
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 01 Jun, 2026 | 18:57
Updated At: 02 Jun, 2026 | 13:27

CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read the App Store Connect API key written to a fixed path, pre-create files or symbolic links at predictable locations to redirect writes to attacker-controlled destinations, or tamper with notarization archives before submission.

Common Vulnerabilities and Exposures (CVE) record (cve.org)
CVE Numbering Authority (CNA)
Affected Products
Vendor: steipete
Product: CodexBar
Repo: https://github.com/steipete/CodexBar
Default Status: affected
Versions Affected:
  • From 0 before 0.32.0 (semver)
Problem Types
CWE-377: Insecure Temporary File
CWE-59: Improper Link Resolution Before File Access ('Link Following')
Metrics
CVSS 4.0: base score 7.2 (HIGH), vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS 3.1: base score 7.1 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Credits
Finder: Chia Min Jun Lennon
References
https://github.com/steipete/CodexBar/releases/tag/v0.32.0 (release-notes)
https://github.com/steipete/CodexBar/pull/1228 (issue-tracking)
https://github.com/steipete/CodexBar/commit/e7d932616508cee43ea9bcc63c269b14698de655 (patch)
https://www.vulncheck.com/advisories/codexbar-insecure-temporary-file-handling-in-notarization-workflow (third-party-advisory)
Authorized Data Publishers (ADP): CISA ADP Vulnrichment
References
https://github.com/steipete/CodexBar/pull/1228 (exploit)
National Vulnerability Database (NVD) record (nvd.nist.gov)
Source: disclosure@vulncheck.com
Published At: 01 Jun, 2026 | 21:16
Updated At: 02 Jun, 2026 | 14:16

CISA Catalog: N/A
Metrics
CVSS 4.0 (Secondary): base score 7.2 (HIGH), vector CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS 3.1 (Secondary): base score 7.1 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weaknesses
CWE-59 (Secondary; source: disclosure@vulncheck.com)
CWE-377 (Secondary; source: disclosure@vulncheck.com)
References
https://github.com/steipete/CodexBar/commit/e7d932616508cee43ea9bcc63c269b14698de655 (source: disclosure@vulncheck.com)
https://github.com/steipete/CodexBar/pull/1228 (source: disclosure@vulncheck.com)
https://github.com/steipete/CodexBar/releases/tag/v0.32.0 (source: disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/codexbar-insecure-temporary-file-handling-in-notarization-workflow (source: disclosure@vulncheck.com)
https://github.com/steipete/CodexBar/pull/1228 (source: 134c704f-9b21-4f2e-91b3-4a467353bcc0)


Similar CVEs (12 records found)

CVE-2026-49134 (Matching Score: 6; Assigner: VulnCheck)
CVSS Score: 7.5 HIGH; EPSS: 0.27% / 18.59% (7-day change ~0.00%)
Published: 01 Jun, 2026 | 18:53; Updated: 02 Jun, 2026 | 14:16
CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

Vendor: steipete; Product: CodexBar
CWE-377: Insecure Temporary File
CVE-2011-3632 (Matching Score: 4; Assigner: Red Hat, Inc.)
CVSS Score: 7.1 HIGH; EPSS: 0.49% / 38.83% (7-day change ~0.00%)
Published: 26 Nov, 2019 | 03:34; Updated: 06 Aug, 2024 | 23:37

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

Vendor: hardlink_project, hardlink, Debian GNU/Linux, Red Hat, Inc.; Product: debian_linux, enterprise_linux, hardlink
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2022-31250 (Matching Score: 4; Assigner: SUSE)
CVSS Score: 7.1 HIGH; EPSS: 0.31% / 22.86% (7-day change ~0.00%)
Published: 20 Jul, 2022 | 07:55; Updated: 17 Sep, 2024 | 01:06
keylime %post scriptlet allows for privilege escalation from keylime user to root

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.

Vendor: openSUSE; Product: tumbleweed, Tumbleweed
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2019-12749 (Matching Score: 4; Assigner: MITRE Corporation)
CVSS Score: 7.1 HIGH; EPSS: 0.56% / 42.22% (7-day change ~0.00%)
Published: 11 Jun, 2019 | 16:11; Updated: 13 Feb, 2026 | 20:16

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Vendor: n/a, freedesktop.org, Canonical Ltd.; Product: dbus, ubuntu_linux, n/a
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2026-54369 (Matching Score: 4; Assigner: VulnCheck)
CVSS Score: 8.4 HIGH; EPSS: 0.14% / 3.90% (7-day change ~0.00%)
Published: 29 Jun, 2026 | 12:37; Updated: 02 Jul, 2026 | 12:05
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.

Vendor: acl project, Red Hat, Inc.; Product: acl, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 10, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2026-54371 (Matching Score: 4; Assigner: VulnCheck)
CVSS Score: 8.4 HIGH; EPSS: 0.14% / 3.90% (7-day change ~0.00%)
Published: 29 Jun, 2026 | 12:39; Updated: 03 Jul, 2026 | 13:17
attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.

Vendor: attr project, Red Hat, Inc.; Product: attr, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 10, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-0068 (Matching Score: 4; Assigner: HYPR Corp)
CVSS Score: 5.5 MEDIUM; EPSS: 0.20% / 10.41% (7-day change ~0.00%)
Published: 29 Feb, 2024 | 19:51; Updated: 04 Mar, 2025 | 12:25

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1.

Vendor: hypr, HYPR, Apple Inc.; Product: macos, workforce_access, Workforce Access
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2022-3952 (Matching Score: 4; Assigner: VulDB)
CVSS Score: 2.6 LOW; EPSS: 0.57% / 42.89% (7-day change ~0.00%)
Published: 11 Nov, 2022 | 00:00; Updated: 15 Apr, 2025 | 13:16
ManyDesigns Portofino WarFileLauncher.java createTempDir temp file

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. The name of the patch is 94653cb357806c9cf24d8d294e6afea33f8f0775. It is recommended to upgrade the affected component. The identifier VDB-213457 was assigned to this vulnerability.

Vendor: manydesigns, ManyDesigns; Product: portofino, Portofino
CWE-377: Insecure Temporary File
CWE-668: Exposure of Resource to Wrong Sphere
CVE-2021-32610 (Matching Score: 4; Assigner: MITRE Corporation)
CVSS Score: 7.1 HIGH; EPSS: 73.38% / 99.40% (7-day change ~0.00%)
Published: 27 Jul, 2021 | 05:21; Updated: 03 Aug, 2024 | 23:25

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

Vendor: n/a, The PHP Group, Fedora Project, Debian GNU/Linux; Product: debian_linux, fedora, archive_tar, n/a
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2064 (Matching Score: 4; Assigner: Red Hat, Inc.)
CVSS Score: 7.1 HIGH; EPSS: 0.40% / 31.98% (7-day change ~0.00%)
Published: 29 Oct, 2019 | 21:01; Updated: 07 Aug, 2024 | 02:17

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

Vendor: rpcbind_project, rpcbind; Product: rpcbind
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2020-16853 (Matching Score: 4; Assigner: Microsoft Corporation)
CVSS Score: 7.1 HIGH; EPSS: 1.00% / 58.48% (7-day change ~0.00%)
Published: 11 Sep, 2020 | 17:08; Updated: 23 Feb, 2026 | 18:21
OneDrive for Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.

The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.

Vendor: Microsoft Corporation; Product: onedrive, OneDrive for Windows
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2019-8455 (Matching Score: 4; Assigner: Check Point Software Ltd.)
CVSS Score: 7.1 HIGH; EPSS: 0.39% / 31.13% (7-day change ~0.00%)
Published: 17 Apr, 2019 | 14:05; Updated: 04 Aug, 2024 | 21:17

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Vendor: n/a, Check Point Software Technologies Ltd.; Product: zonealarm, Check Point ZoneAlarm
CWE-65: Windows Hard Link
CWE-59: Improper Link Resolution Before File Access ('Link Following')