CVE-2026-46388
Received
Received - Intake
osquery File Carve Privilege Escalation Vulnerability
Vulnerability report for CVE-2026-46388, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: GitHub, Inc.
Description
Description
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osquery | osquery | 5.23.1 |
| osquery | osquery | to 5.23.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-279 | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
| CWE-378 | Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. |
| CWE-379 | The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. |