CVE Vulnerability Details: CVE-2026-49134
Status: PUBLISHED
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 01 Jun, 2026 | 18:53
Updated At: 02 Jun, 2026 | 12:39
▼CVE Numbering Authority (CNA)
CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

Affected Products
Vendor: steipete
Product: CodexBar
Repo: https://github.com/steipete/CodexBar
Default Status: affected
Versions Affected:
  • From 0 before 0.32.0 (semver)
Problem Types
Type: CWE
CWE ID: CWE-377
Description: Insecure Temporary File
Metrics
Version: 4.0
Base score: 7.5
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Credits
finder: Chia Min Jun Lennon
References
Hyperlink: https://github.com/steipete/CodexBar/releases/tag/v0.32.0
Resource: release-notes
Hyperlink: https://github.com/steipete/CodexBar/pull/1222
Resource: issue-tracking
Hyperlink: https://github.com/steipete/CodexBar/commit/dbc944d46cd4cf7877d1ca47c44556fe573b46e8
Resource: patch
Hyperlink: https://www.vulncheck.com/advisories/codexbar-privilege-escalation-via-cli-installer-temp-file
Resource: third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
Hyperlink: https://github.com/steipete/CodexBar/pull/1222
Resource: exploit