CVE-2026-49134
Privilege Escalation in CodexBar CLI Installer via Race Condition
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codexbar | codexbar | versions before 0.32.0 (0.32.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-377 | Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CodexBar prior to version 0.32.0 is a privilege escalation issue in its CLI installer. It arises from a race condition in how temporary files are handled during installation. Specifically, the installer creates a temporary file using mktemp, writes a privileged shell payload into it, and then executes this payload with administrator privileges via bash. Because of the race condition, a local attacker running under the same user can rewrite the installer's body before the administrator prompt is approved, causing arbitrary commands controlled by the attacker to be executed as root.
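The two patterns side by side, as an added illustration that is not CodexBar's code and not its actual fix: the advisory's write-to-mktemp-then-execute flow next to a variant that hands the body to the elevated shell over a pipe and re-checks a digest inside that shell. PRIV_RUNNER is an assumed placeholder for whatever elevation command an installer uses; it defaults to empty so everything here runs as the current user.

```shell
#!/usr/bin/env bash
# Added example (not CodexBar's code). PRIV_RUNNER is a placeholder for the
# installer's elevation command (e.g. sudo); left empty, no privilege change occurs.
set -euo pipefail
PRIV_RUNNER="${PRIV_RUNNER-}"

# Pattern the advisory describes, kept for contrast: the body sits in a mktemp
# file owned by the calling user until the elevated bash opens it, so any process
# running as that user can change it while the administrator prompt is pending.
run_via_tempfile() {
  local body="$1" tmp
  tmp=$(mktemp)
  printf '%s\n' "$body" > "$tmp"
  $PRIV_RUNNER bash "$tmp"      # body is read from disk only here (TOCTOU window)
  rm -f "$tmp"
}

# Hardened variant: the body never exists as a user-writable file. The elevated
# shell reads it from stdin, recomputes its digest and refuses on mismatch.
exec_verified() {
  local body="$1" expected="$2"
  printf '%s\n' "$body" | $PRIV_RUNNER bash -c '
    expected="$1"
    body=$(cat)
    actual=$(printf "%s\n" "$body" | sha256sum | cut -d" " -f1)
    [ "$actual" = "$expected" ] || { echo "payload digest mismatch, refusing" >&2; exit 1; }
    bash -c "$body"
  ' _ "$expected"
}

# Digest is taken from the in-memory body before elevation and passed along.
run_via_pipe() {
  local body="$1" digest
  digest=$(printf '%s\n' "$body" | sha256sum | cut -d' ' -f1)
  exec_verified "$body" "$digest"
}
```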
How can this vulnerability impact me?
This vulnerability allows a local attacker to execute arbitrary commands with root privileges on the affected system. This means the attacker can gain full control over the system, potentially leading to unauthorized access, data theft, system compromise, installation of malware, or disruption of services.