CVE-2026-46388
osquery: Unprivileged users can temporarily read file carve contents
CVSS Score
4.4
EPSS Score
0.0%
EPSS Percentile
0th
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.
| CWE | CWE-279 CWE-378 CWE-379 |
| Vendor | osquery |
| Product | osquery |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for osquery osquery
Be the first to know when new medium vulnerabilities affecting osquery osquery are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
osquery / osquery
< 5.23.1
References
github.com: https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh github.com: https://github.com/osquery/osquery/pull/8961 github.com: https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68 github.com: https://github.com/osquery/osquery/releases/tag/5.23.1