๐Ÿ” CVE Alert

CVE-2026-46388

MEDIUM 4.4

osquery: Unprivileged users can temporarily read file carve contents

CVSS Score
4.4
EPSS Score
0.0%
EPSS Percentile
0th

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.

CWE CWE-279 CWE-378 CWE-379
Vendor osquery
Product osquery
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for osquery osquery

Be the first to know when new medium vulnerabilities affecting osquery osquery are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

osquery / osquery
< 5.23.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh github.com: https://github.com/osquery/osquery/pull/8961 github.com: https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68 github.com: https://github.com/osquery/osquery/releases/tag/5.23.1