CVE-2026-49134

Published 01/06/2026 21:16 · Modified 02/06/2026 14:43

Labels: CVE-2026-49134, 2026-06-01, CWE-377, [email protected]

Essential information

Published: 01/06/2026 21:16
Modified: 02/06/2026 14:43
CVSS: 7.5 HIGH (v3), 7.5 HIGH (v4.0)
CISA KEV: No

Description

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash. A same-user local process can rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

NVD status

Status: Deferred (CVE has been recently published to the CVE List and has been received by the NVD)
Source: [email protected]

Affected products (CPE)

Product: codexbar / codexbar
CPE: cpe:2.3:a:codexbar:codexbar:*:*:*:*:*:*:*:*