CVE-2026-43625
Deferred Deferred - Pending Action
Session Cookie Leakage in CodexBar Prior to 0.32.0

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-43625
EUVD
EUVD-2026-33748
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
steipete codexbar to 0.32.0 (exc)
codexbar codexbar to 0.32.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-43625 is a session cookie leakage vulnerability in CodexBar versions prior to 0.32.0. It occurs because the software improperly handles HTTP redirects for Amp and Ollama provider sessions, allowing network attackers to intercept imported browser session cookies. Specifically, if a provider-controlled redirect leads to a cleartext HTTP endpoint within the same provider domain, attackers positioned on the network path can capture these sensitive cookies transmitted in cleartext.

The root cause is that the redirect cookie policy checked only the destination host but did not verify that the redirect used HTTPS before attaching cookies. This allowed cookies to be sent over insecure HTTP connections, exposing them to interception.

Impact Analysis

This vulnerability can lead to unauthorized access to your session cookies by attackers who can intercept network traffic. If exploited, attackers could hijack your session or impersonate you within the affected provider sessions, potentially gaining access to sensitive information or services tied to those sessions.

The vulnerability requires an attacker to be positioned on the network path or to control a redirect target within the provider domain that issues a redirect to an insecure HTTP endpoint.

Detection Guidance

This vulnerability involves session cookie leakage via cleartext HTTP redirects within the same provider domain for Amp and Ollama sessions. To detect it on your network or system, you should monitor HTTP traffic for any cleartext requests that carry imported session cookies, especially those triggered by redirects from provider-controlled domains.

You can use network traffic analysis tools such as tcpdump or Wireshark to capture and inspect HTTP requests for session cookies transmitted over non-HTTPS connections.

  • Use tcpdump to capture HTTP traffic on port 80: tcpdump -i <interface> tcp port 80 -w capture.pcap
  • Analyze the capture with Wireshark to filter HTTP requests containing cookie headers: http.cookie
  • Look specifically for HTTP redirect responses (status codes 3xx) that lead to cleartext HTTP endpoints within the same provider domain.

Additionally, review application logs or debug output for any redirect handling related to Amp and Ollama providers that do not enforce HTTPS before attaching cookies.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade CodexBar to version 0.32.0 or later, where the issue has been fixed by enforcing HTTPS requirements for cookie attachment during provider redirects.

This update ensures that session cookies are only attached to HTTPS URLs for Amp and Ollama providers, preventing exposure over cleartext HTTP connections.

If upgrading immediately is not possible, consider monitoring and blocking any HTTP redirects within the provider domains that could carry session cookies, and restrict network access to prevent interception of cleartext HTTP traffic.

Also, review and apply any relevant security patches or configuration changes that enforce HTTPS usage for session cookie handling in your environment.

Compliance Impact

The vulnerability in CodexBar prior to version 0.32.0 allows network attackers to intercept imported browser session cookies via cleartext HTTP redirects. This exposure of sensitive session cookies can lead to unauthorized access to user sessions and potentially sensitive data.

Such exposure of session cookies and potential unauthorized access could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information during transmission and storage.

By allowing session cookies to be transmitted over insecure HTTP connections, the vulnerability increases the risk of data breaches and unauthorized data access, which are critical concerns under these regulations.

The fix introduced in version 0.32.0 enforces HTTPS for cookie attachment during redirects, mitigating the risk of cleartext exposure and helping to maintain compliance with security requirements of such standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43625. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart