CVE-2026-43625
Session Cookie Leakage in CodexBar Prior to 0.32.0
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| steipete | codexbar | to 0.32.0 (exc) |
| codexbar | codexbar | to 0.32.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CodexBar before 0.32.0 let a network attacker intercept imported browser session cookies, because the client attached them to a cleartext HTTP redirect target inside the provider's own domain. A captured session cookie can give the attacker the user's session and whatever data or services that session reaches.
That exposure bears on data-protection regimes such as GDPR and HIPAA, which expect personal and sensitive data to be protected in transit as well as at rest; a session hijacked through a sniffed cookie can become a reportable breach.
Sending session cookies over unencrypted HTTP therefore raises the likelihood of unauthorized access and data breach, the events these regulations are most concerned with.
Version 0.32.0 fixes this by attaching cookies only when the redirect target uses HTTPS, which closes the cleartext path and supports the transport-protection requirements of such standards.
Can you explain this vulnerability to me?
CVE-2026-43625 is a session cookie leakage vulnerability in CodexBar before 0.32.0. CodexBar imports browser session cookies for its Amp and Ollama providers and attaches them to the requests it makes to those providers. When a provider-controlled response redirected to a cleartext http:// endpoint on the same provider domain, CodexBar followed the redirect and sent the imported cookies with it, so anyone able to observe traffic on the network path (shared Wi-Fi, a compromised router, an upstream vantage point) could read them.
The root cause is the redirect cookie policy: it checked that the redirect destination's host matched the provider, but never checked that the destination used HTTPS before attaching cookies. Host matching alone is not enough, because a URL with the right host and an http:// scheme is still sent in the clear. The fix in 0.32.0 adds the scheme check.
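The host-only check beside the hardened host-plus-scheme check, as an added example written for this page rather than CodexBar's own code. The provider domain, the cookie contents and the redirect chain are constructed placeholders; the "same provider domain" rule is modelled as exact host or subdomain match, which is an assumption about the real policy.

```python
"""
Model of a redirect-time cookie-attachment policy: the host-only check that
produced the leak, beside a check that also requires https.  Added example,
not CodexBar's code; the provider domain, cookie and chain are constructed.
"""
from urllib.parse import urlsplit

PROVIDER_DOMAIN = "provider.example"                    # assumption: stands in for the real provider host
IMPORTED_COOKIES = {"session": "s3cr3t-session-token"}  # constructed sample, not real data


def _host_in_domain(url: str, domain: str) -> bool:
    """True if the URL's host is the provider domain or a subdomain of it.
    urlsplit().hostname already lower-cases and strips userinfo and port, so
    'https://provider.example@evil.example/' resolves to evil.example."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    return host == domain or host.endswith("." + domain)


def attach_cookies_host_only(url: str) -> bool:
    """Pre-0.32.0 behaviour as the advisory describes it: the destination
    host is checked, the scheme is not, so an http:// hop on the provider
    domain still receives the cookies."""
    return _host_in_domain(url, PROVIDER_DOMAIN)


def attach_cookies_https_only(url: str) -> bool:
    """Hardened policy: same host check, plus the hop must be https.
    Scheme comparison is case-insensitive (RFC 3986)."""
    scheme = (urlsplit(url).scheme or "").lower()
    return scheme == "https" and _host_in_domain(url, PROVIDER_DOMAIN)


def follow_redirects(chain, policy):
    """Walk a redirect chain (absolute URLs, first is the original request)
    and record, per hop, which cookies the policy would have sent.
    Returns a list of (url, cookies_sent) tuples."""
    sent = []
    for url in chain:
        cookies = dict(IMPORTED_COOKIES) if policy(url) else {}
        sent.append((url, cookies))
    return sent


def leaked_hops(chain, policy):
    """URLs in the chain where cookies were attached to a non-https hop."""
    return [url for url, cookies in follow_redirects(chain, policy)
            if cookies and (urlsplit(url).scheme or "").lower() != "https"]


# Constructed chain: an https request that the provider redirects, within its
# own domain, to a cleartext endpoint before bouncing back to https.
REDIRECT_CHAIN = [
    "https://api.provider.example/v1/session",
    "http://api.provider.example/legacy/session",   # the leaking hop
    "HTTPS://api.provider.example/v1/session?ok=1",
]

if __name__ == "__main__":
    for name, policy in [("host-only", attach_cookies_host_only),
                         ("https-only", attach_cookies_https_only)]:
        print(f"{name}: cookies leaked at {leaked_hops(REDIRECT_CHAIN, policy)}")
```

The host check alone passes the middle hop because its host is legitimate; only the scheme check stops it. The helper also shows why the host must be taken from a proper URL parser: a userinfo trick such as `https://provider.example@evil.example/` has the provider's name in the URL but a different host.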
How can this vulnerability impact me?
If exploited, an attacker who captured your imported session cookies could replay them to hijack or impersonate your session with the affected provider, reaching whatever data or services that session authorizes.
Two conditions must hold: a response from the provider's domain must redirect CodexBar to a cleartext http:// URL on that same domain (through the provider's own behaviour or through a compromised or attacker-influenced endpoint there), and the attacker must be able to observe the resulting cleartext request on the network path. Because the request to the provider is made over HTTPS, the redirect itself is not something a purely on-path attacker can inject; the on-path attacker only harvests the cookies from the cleartext hop that the provider side causes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
On the wire the leak shows up as a plaintext HTTP request to a host in the Amp or Ollama provider domain that carries a Cookie header. The redirect that triggers it travels inside the TLS session and is not visible to a passive observer, so look for the cleartext request, not for the 3xx response.
tcpdump and Wireshark are enough to spot it:
- Capture cleartext HTTP from the machine running CodexBar: `tcpdump -i <interface> tcp port 80 -w capture.pcap` (add `-A` to print headers in the terminal without Wireshark).
- Open the capture in Wireshark and filter on requests that carry cookies: `http.cookie`; narrow to the provider with `http.cookie && http.host contains "<provider-domain>"`.
- Any hit is a cookie sent in the clear. If the capture also contains cleartext 3xx responses, check their Location headers for http:// targets, but on an affected system the leaking redirect is normally delivered over HTTPS and will not appear.
On the system itself, confirm whether the installed CodexBar version is below 0.32.0, and review any debug output or request logs CodexBar produces for redirects to http:// URLs on the Amp or Ollama provider domains where cookies were attached.
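The same check done over captured request text, as an added example that is not part of the page or of any CodexBar tooling. The requests are constructed by hand in the shape `tcpdump -A` prints them, and WATCHED_DOMAINS is an assumed placeholder for the provider domains whose cookies CodexBar imports.

```python
"""
Detector for the on-the-wire symptom: a plaintext HTTP/1.x request to a
watched provider domain that carries a Cookie header.  Added example, not a
CodexBar or VulnCheck tool.  The requests below are constructed by hand in
the shape `tcpdump -A` prints them; WATCHED_DOMAINS is an assumed placeholder.
"""
import re
from typing import NamedTuple, Optional

WATCHED_DOMAINS = ("provider.example",)   # assumption: the provider domains you import cookies for


class Finding(NamedTuple):
    host: str            # Host header, port stripped, lower-cased
    target: str          # request-target from the request line
    cookie_names: tuple  # names only: the values are the secrets being protected
    watched: bool        # True when host is in, or under, a watched domain


_REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]$")


def _in_watched_domain(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def parse_cleartext_request(raw: str) -> Optional[Finding]:
    """Parse one plaintext HTTP/1.x request (headers only) into a Finding,
    or None if it is not a request or carries no cookies.  Header names are
    case-insensitive and a request may repeat the Cookie header, so all
    Cookie lines are merged."""
    lines = [ln.rstrip("\r") for ln in raw.split("\n")]
    m = _REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    headers = {}
    cookie_pairs = []
    for line in lines[1:]:
        if line == "":
            break                      # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue                   # malformed header line, ignore it
        name = name.strip().lower()
        if name == "cookie":
            cookie_pairs.extend(p.strip() for p in value.split(";") if p.strip())
        else:
            headers[name] = value.strip()
    if not cookie_pairs:
        return None
    host = headers.get("host", "").split(":", 1)[0].strip().lower()
    names = tuple(p.split("=", 1)[0] for p in cookie_pairs)
    return Finding(host, m.group("target"), names, _in_watched_domain(host))


def scan_requests(requests):
    """Findings for every plaintext request that sent cookies, in order."""
    return [f for f in (parse_cleartext_request(r) for r in requests) if f is not None]


def leaked_provider_cookies(requests):
    """Sorted, de-duplicated names of cookies sent to a watched provider in the clear."""
    return sorted({n for f in scan_requests(requests) if f.watched for n in f.cookie_names})


# Constructed sample traffic, not a real capture.
SAMPLE_REQUESTS = [
    "GET /legacy/session HTTP/1.1\r\nHost: api.provider.example\r\nUser-Agent: CodexBar\r\n"
    "Cookie: session=s3cr3t; csrf=abc\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: static.other.example\r\n\r\n",
    "POST /telemetry HTTP/1.0\r\nHost: metrics.other.example\r\nCOOKIE: uid=42\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: Provider.Example:80\r\nCookie: session=s3cr3t\r\nCookie: theme=dark\r\n\r\n",
]

if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        flag = "PROVIDER COOKIES IN CLEARTEXT" if f.watched else "cookies in cleartext"
        print(f"{flag}: {f.host}{f.target} cookies={','.join(f.cookie_names)}")
```

The report deliberately carries cookie names but not values: a detection log that copies the session token would itself become a place the secret leaks. Feed it the request blocks from `tcpdump -A` or a Wireshark "Follow TCP Stream" export one request per string.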
What immediate steps should I take to mitigate this vulnerability?
Upgrade CodexBar to version 0.32.0 or later. The fix attaches cookies during provider redirects only when the target URL uses HTTPS.
With that change, imported session cookies for the Amp and Ollama providers are never sent to an http:// URL, even when a redirect points there.
If you cannot upgrade immediately, block outbound cleartext HTTP (TCP port 80) from the affected machine to the provider domains, or to the Internet generally, so a redirect to http:// fails instead of leaking. Filtering has to target that follow-up cleartext request, since the redirect itself arrives over HTTPS and cannot be inspected on the wire. Use only networks you trust until you have patched, and re-authenticate with the provider so previously imported cookies are invalidated if you suspect they were exposed.
Also apply any related patches or configuration elsewhere in your environment (proxies, other tools that reuse the same browser cookies) that enforce HTTPS for session cookie handling.