CVE-2026-49134

HIGH 7.1

CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CVSS Score

7.1

EPSS Score

0.1%

EPSS Percentile

18th

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell payload into it, and executes it with administrator privileges via bash, allowing a same-user local process to rewrite the installer body before the administrator prompt is approved, causing attacker-controlled commands to run as root.

CWE	CWE-377
Vendor	steipete
Product	codexbar
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for steipete codexbar

Be the first to know when new high vulnerabilities affecting steipete codexbar are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

steipete / CodexBar

0 < 0.32.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/steipete/CodexBar/releases/tag/v0.32.0 github.com: https://github.com/steipete/CodexBar/pull/1222 github.com: https://github.com/steipete/CodexBar/commit/dbc944d46cd4cf7877d1ca47c44556fe573b46e8 vulncheck.com: https://www.vulncheck.com/advisories/codexbar-privilege-escalation-via-cli-installer-temp-file

Credits

Chia Min Jun Lennon