CVE-2026-49134— CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49134
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File
Source: NVD (National Vulnerability Database)
Vulnerability Description
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的临时文件
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-49134
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-49134
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-49134 (2)
Vendor Advisories for CVE-2026-49134 (1)
Other References for CVE-2026-49134 (1)
Same Patch Batch · steipete · 2026-06-01 · 3 CVEs total
| CVE-2026-49135 | 7.1 HIGH | CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow |
| CVE-2026-43625 | 5.9 MEDIUM | CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect |
IV. Related Vulnerabilities
Same vendor: steipete
- CVE-2026-49135
CodexBar < 0.32.0 Insecure Temporary File Handling in Notari - CVE-2026-43625
CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect - CVE-2026-45246
Summarize < 0.15.1 Insecure File Permissions Information Dis - CVE-2026-45245
Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted - CVE-2026-45244
Summarize < 0.15.1 Unapproved Browser Automation Execution
Same weakness: CWE-377
V. Comments for CVE-2026-49134
No comments yet