216.73.216.86

CVE-2026-49135

· Published 01/06/2026 21:16 · Modified 02/06/2026 14:43

Labels: CVE-2026-49135 2026-06-01CVE-2026-49135CWE-59[email protected]

Essential information

Published
01/06/2026 21:16
Modified
02/06/2026 14:43
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read the App Store Connect API key written to a fixed path, pre-create files or symbolic links at predictable locations to redirect writes to attacker-controlled destinations, or tamper with notarization archives before submission.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
codexbar / codexbar cpe:2.3:a:codexbar:codexbar:<0.32.0:*:*:*:*:*:*:*

References